From owner-freebsd-stable@FreeBSD.ORG Sat Jan 8 15:33:15 2005 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C9A3616A4CE for ; Sat, 8 Jan 2005 15:33:15 +0000 (GMT) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DFED43D31 for ; Sat, 8 Jan 2005 15:33:15 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 8A35511E13; Sat, 8 Jan 2005 16:33:14 +0100 (CET) Date: Sat, 8 Jan 2005 16:33:14 +0100 From: "Simon L. Nielsen" To: Emanuel Strobl Message-ID: <20050108153313.GF13899@zaphod.nitro.dk> References: <200501081532.22911.emanuel.strobl@gmx.net> <20050108144117.GC13899@zaphod.nitro.dk> <200501081549.21317.emanuel.strobl@gmx.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="8JPrznbw0YAQ/KXy" Content-Disposition: inline In-Reply-To: <200501081549.21317.emanuel.strobl@gmx.net> User-Agent: Mutt/1.5.6i cc: freebsd-stable@freebsd.org Subject: Re: GMIRROR can be destroyed by ordinary users X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Jan 2005 15:33:15 -0000 --8JPrznbw0YAQ/KXy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.01.08 15:49:16 +0100, Emanuel Strobl wrote: > Am Samstag, 8. Januar 2005 15:41 schrieb Simon L. Nielsen: >=20 > > > I think it's a big error that ordinary users can issue a 'gmirror > > > stop /dev/mirrir/sample' with success! > > > > Are you sure about that? I can't do it on my test system: > > > > [simon@trillian:~] gmirror stop /dev/mirror/sys0 > > Permission denied >=20 > I'm quiet sure because I accidentally did it once, but unfortnately now I= =20 > don't have a test machine. The only "not so ordinary" about my user is th= at=20 > it's in the group wheel. If you have a test machine, could you find out i= f=20 > that's the error? My user was also in wheel so that should not be the problem. If your user is in operator it might be another matter though (new test): [simon@trillian:~] id uid=3D2000(simon) gid=3D2000(simon) groups=3D2000(simon), 0(wheel), 5(opera= tor), 68(dialer) [simon@trillian:~] ll /dev/mirror/sys0 crw-r----- 1 root operator 233, 3 Jan 6 11:23 /dev/mirror/sys0 [simon@trillian:~] gmirror stop sys0 Cannot destroy device sys0 (error=3D16). [simon@trillian:~] gmirror stop -f sys0 I don't have a console on the system right now but I assume it got unhappy that I pulled the device under the file system :-). I'm not really sure it is expected that you can do that when being in the operator group. --=20 Simon L. Nielsen --8JPrznbw0YAQ/KXy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFB3/05h9pcDSc1mlERAtgaAJ42Au7+Gs1ScRf7nW3utt/dTVd/qQCgqjBM 6cUQ7EruyDALTjQTbpXp0w0= =/bPS -----END PGP SIGNATURE----- --8JPrznbw0YAQ/KXy--