Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 8 Jan 2005 16:33:14 +0100
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Emanuel Strobl <emanuel.strobl@gmx.net>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: GMIRROR can be destroyed by ordinary users
Message-ID:  <20050108153313.GF13899@zaphod.nitro.dk>
In-Reply-To: <200501081549.21317.emanuel.strobl@gmx.net>
References:  <200501081532.22911.emanuel.strobl@gmx.net> <20050108144117.GC13899@zaphod.nitro.dk> <200501081549.21317.emanuel.strobl@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--8JPrznbw0YAQ/KXy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2005.01.08 15:49:16 +0100, Emanuel Strobl wrote:
> Am Samstag, 8. Januar 2005 15:41 schrieb Simon L. Nielsen:
>=20
> > > I think it's a big error that ordinary users can issue a 'gmirror
> > > stop /dev/mirrir/sample' with success!
> >
> > Are you sure about that?  I can't do it on my test system:
> >
> > [simon@trillian:~] gmirror stop /dev/mirror/sys0
> > Permission denied
>=20
> I'm quiet sure because I accidentally did it once, but unfortnately now I=
=20
> don't have a test machine. The only "not so ordinary" about my user is th=
at=20
> it's in the group wheel. If you have a test machine, could you find out i=
f=20
> that's the error?

My user was also in wheel so that should not be the problem.  If your
user is in operator it might be another matter though (new test):

[simon@trillian:~] id
uid=3D2000(simon) gid=3D2000(simon) groups=3D2000(simon), 0(wheel), 5(opera=
tor), 68(dialer)
[simon@trillian:~] ll /dev/mirror/sys0
crw-r-----  1 root  operator  233,   3 Jan  6 11:23 /dev/mirror/sys0
[simon@trillian:~] gmirror stop sys0
Cannot destroy device sys0 (error=3D16).
[simon@trillian:~] gmirror stop -f sys0
<hang>

I don't have a console on the system right now but I assume it got
unhappy that I pulled the device under the file system :-).

I'm not really sure it is expected that you can do that when being in
the operator group.

--=20
Simon L. Nielsen

--8JPrznbw0YAQ/KXy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQFB3/05h9pcDSc1mlERAtgaAJ42Au7+Gs1ScRf7nW3utt/dTVd/qQCgqjBM
6cUQ7EruyDALTjQTbpXp0w0=
=/bPS
-----END PGP SIGNATURE-----

--8JPrznbw0YAQ/KXy--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050108153313.GF13899>