Date: Thu, 13 Jan 2005 17:18:24 -0800 (PST)
From: Doug White
To: "Simon L. Nielsen"
Cc: Emanuel Strobl, freebsd-stable@freebsd.org, Pawel Jakub Dawidek
Subject: Re: GMIRROR can be destroyed by ordinary users
Message-ID: <20050113171630.M13904@carver.gumbysoft.com>
In-Reply-To: <20050108185456.GK13899@zaphod.nitro.dk>

On Sat, 8 Jan 2005, Simon L. Nielsen wrote:

> On 2005.01.08 19:39:42 +0100, Pawel Jakub Dawidek wrote:
> > On Sat, Jan 08, 2005 at 04:33:14PM +0100, Simon L. Nielsen wrote:
> > +> I'm not really sure it is expected that you can do that when being in
> > +> the operator group.
> >
> > Yes. If you want to change it you should do:
> >
> > # chmod 600 /dev/geom.ctl
>
> Being in the operator group only gives read access to /dev/geom.ctl
> (it's root:operator crw-r-----) so I think it's somewhat counter
> intuitive that one can stop the mirror without write permission there.
> Wouldn't it be better to only allow stopping the mirror (and similar)
> if the user has write access to geom.ctl?

ioctls generally open the control device read-only so they will succeed if
the user had read access to the device. ioctls themselves do not have
read or write permission bits, so it's all-or-nothing unless the driver or
kernel code does suser() type checks. At least at a filesystem level.

-- 
Doug White | FreeBSD: The Power to Serve
dwhite@gumbysoft.com | www.FreeBSD.org
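
The behaviour discussed in this thread, as an added example that is not part of the original message and is not FreeBSD source: a userland C model in which mode bits are checked only at open time, compared against a handler that additionally requires a write-opened descriptor for state-changing commands. All names (`dev_open`, `ioctl_gated`, `CTL_STOP`, the uid/gid values) are hypothetical, and the permission check is simplified (no supplementary groups or ACLs).

```c
#include <errno.h>
#include <stdio.h>

/* Constructed userland model, not FreeBSD kernel source; all names are hypothetical. */
#define F_READ  0x1                      /* descriptor opened for reading */
#define F_WRITE 0x2                      /* descriptor opened for writing */
enum ctl_cmd { CTL_QUERY, CTL_STOP };    /* read-only vs state-changing request */
struct devnode { unsigned mode; int uid, gid; };
struct cred    { int uid, gid; };

/* Mode bits are consulted once, at open time, against the requested access. */
static int dev_open(const struct devnode *d, const struct cred *c, int fflag)
{
    unsigned bits = d->mode & 7;                          /* "other" class */
    if (c->uid == 0) return 0;                            /* superuser bypasses mode bits */
    if (c->uid == d->uid) bits = (d->mode >> 6) & 7;      /* owner class */
    else if (c->gid == d->gid) bits = (d->mode >> 3) & 7; /* group class */
    if ((fflag & F_READ) && !(bits & 4)) return EACCES;
    if ((fflag & F_WRITE) && !(bits & 2)) return EACCES;
    return 0;
}

/* No check in the handler: every command succeeds on any open descriptor. */
static int ioctl_ungated(enum ctl_cmd cmd, int fflag) { (void)cmd; (void)fflag; return 0; }

/* Driver-side check: state-changing commands need a descriptor opened for writing. */
static int ioctl_gated(enum ctl_cmd cmd, int fflag)
{
    return (cmd == CTL_STOP && !(fflag & F_WRITE)) ? EPERM : 0;
}

/* An operator-group user (constructed uid 1001, gid 5) opens a root:operator
 * node with the given mode and flags, then issues cmd. Returns 0 or an errno. */
static int attempt(unsigned mode, int fflag, enum ctl_cmd cmd, int gated)
{
    struct devnode ctl = { mode, 0, 5 };
    struct cred op = { 1001, 5 };
    int error = dev_open(&ctl, &op, fflag);
    if (error) return error;
    return gated ? ioctl_gated(cmd, fflag) : ioctl_ungated(cmd, fflag);
}

int main(void)
{
    printf("0640, read-only, ungated stop: %d\n", attempt(0640, F_READ, CTL_STOP, 0));
    printf("0640, read-only, gated stop:   %d\n", attempt(0640, F_READ, CTL_STOP, 1));
    printf("0640, read-only, gated query:  %d\n", attempt(0640, F_READ, CTL_QUERY, 1));
    printf("0600, read-only, ungated stop: %d\n", attempt(0600, F_READ, CTL_STOP, 0));
    return 0;
}
```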