From owner-freebsd-stable@FreeBSD.ORG Sat Jan 8 18:54:59 2005 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8698816A4CE; Sat, 8 Jan 2005 18:54:59 +0000 (GMT) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F33943D39; Sat, 8 Jan 2005 18:54:59 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 4EB0D11E13; Sat, 8 Jan 2005 19:54:57 +0100 (CET) Date: Sat, 8 Jan 2005 19:54:56 +0100 From: "Simon L. Nielsen" To: Pawel Jakub Dawidek Message-ID: <20050108185456.GK13899@zaphod.nitro.dk> References: <200501081532.22911.emanuel.strobl@gmx.net> <20050108144117.GC13899@zaphod.nitro.dk> <200501081549.21317.emanuel.strobl@gmx.net> <20050108153313.GF13899@zaphod.nitro.dk> <20050108183942.GB795@darkness.comp.waw.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zYjDATHXTWnytHRU" Content-Disposition: inline In-Reply-To: <20050108183942.GB795@darkness.comp.waw.pl> User-Agent: Mutt/1.5.6i cc: Emanuel Strobl cc: freebsd-stable@freebsd.org Subject: Re: GMIRROR can be destroyed by ordinary users X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Jan 2005 18:54:59 -0000 --zYjDATHXTWnytHRU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.01.08 19:39:42 +0100, Pawel Jakub Dawidek wrote: > On Sat, Jan 08, 2005 at 04:33:14PM +0100, Simon L. Nielsen wrote: > +> I'm not really sure it is expected that you can do that when being in > +> the operator group. >=20 > Yes. If you want to change it you should do: >=20 > # chmod 600 /dev/geom.ctl Being in the operator group only gives read access to /dev/geom.ctl (it's root:operator crw-r-----) so I think it's somewhat counter intuitive that one can stop the mirror without write permission there. Wouldn't it be better to only allow stopping the mirror (and similar) if the user has write access to geom.ctl? phk fixed some similar issues in some of the other GEOM classes not long ago, e.g. geom_bsd.c v. 1.71. --=20 Simon L. Nielsen --zYjDATHXTWnytHRU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFB4CyAh9pcDSc1mlERApG1AJ4pKAjGJRbD/B4JwuoxE6f6EsNpswCgl6Zb Jh2tgm2nEPslwsDgj1XlIwM= =Um/G -----END PGP SIGNATURE----- --zYjDATHXTWnytHRU--