Date: Fri, 31 Jan 2003 14:17:38 -0800
From: "Eugene M. Kim"
To: "Jacques A. Vidrine"
Cc: Kirk McKusick, Jun Kuriyama, Current, Robert Watson
Subject: Re: dump -L and privilege

Moreover, the fact that the number of snapshots allowed on a filesystem
is limited to a handful (src/sys/ufs/ffs/README.snapshot says 20) makes
it possible for normal users to disrupt dump -L and other important
operations that require snapshots.

Alternative 2 seems a lot more sensible.

Just my 2 KRW (1 USD ~= 1250 KRW) :D,
Eugene

On Thu, Jan 30, 2003 at 05:15:01PM -0600, Jacques A. Vidrine wrote:
> On Wed, Jan 29, 2003 at 06:17:31PM -0800, Kirk McKusick wrote:
> > Alternative 1 `usermount'
> > The first would be
> > to change the default for vfs.usermount == 1 and then have dump -L
> > create the snapshot in a directory owned by "operator" (or by
> > whatever user runs the dumps). Then the snapshot could be created,
> > used, and deleted by that user.
> > Alternative 2 `/sbin/snapshot'
> > The other alternative would be to
> > create a setuid-to-root program that would take a snapshot and
> > chown it to the user that does dumps. This setuid program could
> > then be invoked by dump -L to create a snapshot for it.
>
> Despite a distaste for setuid executables, I think I'd prefer a simple
> /sbin/snapshot setuid program. Primarily, enabling `vfs.usermount'
> gives more privileges to more users than I'm comfortable with.
> Secondarily, /sbin/snapshot may be useful on its own.
>
> Cheers,
> --
> Jacques A. Vidrine http://www.celabo.org/
> NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
> jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message