Date: Sun, 9 Jan 2005 06:30:24 +1100
From: Peter Jeremy <PeterJeremy@optushome.com.au>
To: "Simon L. Nielsen" <simon@nitro.dk>
Cc: Pawel Jakub Dawidek <pjd@freebsd.org>
Subject: Re: GMIRROR can be destroyed by ordinary users
Message-ID: <20050108193024.GH39552@cirb503493.alcatel.com.au>
In-Reply-To: <20050108185456.GK13899@zaphod.nitro.dk>
References: <200501081532.22911.emanuel.strobl@gmx.net> <20050108144117.GC13899@zaphod.nitro.dk> <200501081549.21317.emanuel.strobl@gmx.net> <20050108153313.GF13899@zaphod.nitro.dk> <20050108183942.GB795@darkness.comp.waw.pl> <20050108185456.GK13899@zaphod.nitro.dk>

On Sat, 2005-Jan-08 19:54:56 +0100, Simon L. Nielsen wrote:
>On 2005.01.08 19:39:42 +0100, Pawel Jakub Dawidek wrote:
>> On Sat, Jan 08, 2005 at 04:33:14PM +0100, Simon L. Nielsen wrote:
>> +> I'm not really sure it is expected that you can do that when being in
>> +> the operator group.
>>
>> Yes. If you want to change it you should do:
>>
>>	# chmod 600 /dev/geom.ctl
>
>Being in the operator group only gives read access to /dev/geom.ctl
>(it's root:operator crw-r-----) so I think it's somewhat counter
>intuitive that one can stop the mirror without write permission there.
>Wouldn't it be better to only allow stopping the mirror (and similar)
>if the user has write access to geom.ctl?

In some ways, it's not. The "operator" group is intended for users
who perform backups (they can read the disks and therefore perform
dumps of them). One approach to backing up mirrored systems is to
detach one mirror and back it up. Once the backup is finished, you
re-attach the mirror. Given this, it is reasonable for "operator"s
to be able to fiddle with mirrors.

This approach is mostly obsoleted by soft-updates snapshots but is
still relevant if:
- you aren't running soft-updates for any reason
- the filesystem is too dynamic and full for a snapshot to survive
  for the time needed for a backup.

However, overall, I would agree with Simon that being able to make
changes to a device that is opened read-only is counter-intuitive.

-- 
Peter Jeremy
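
An audit sketch for the exposure discussed in this thread, added here as an example and not part of the original message or of FreeBSD itself: given an `ls -l` line for /dev/geom.ctl and the text of /etc/group, it lists the non-root accounts that can open the node read-only, which per the thread is enough to stop a mirror. The function name `geom_ctl_readers` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input, matching the "root:operator crw-r-----"
# mode quoted in the thread. Group members are invented for the example.
SAMPLE_LS='crw-r-----  1 root  operator  0x15 Jan  8 19:30 /dev/geom.ctl'
SAMPLE_GROUP='wheel:*:0:root
operator:*:5:root,backup,alice
staff:*:20:'

# geom_ctl_readers LS_LINE GROUP_TEXT   (hypothetical helper)
# Prints one of:
#   world       - any local user can open the node read-only
#   <names...>  - non-root members of the owning group with read access
#   none        - only the owner can open it (the chmod 600 state)
# Limitation: accounts whose *primary* gid is the owning group appear in
# the passwd database, not in /etc/group, and are not listed here.
geom_ctl_readers() {
    mode=$(printf '%s\n' "$1" | awk '{print $1}')
    grp=$(printf '%s\n' "$1" | awk '{print $4}')
    g_read=$(printf '%s' "$mode" | cut -c5)   # group read bit
    o_read=$(printf '%s' "$mode" | cut -c8)   # other read bit
    if [ "$o_read" = "r" ]; then
        echo "world"
        return 0
    fi
    if [ "$g_read" = "r" ]; then
        printf '%s\n' "$2" | awk -F: -v g="$grp" '
            $1 == g {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "root") print m[i]
            }'
        return 0
    fi
    echo "none"
}

# On a live system the inputs would be "$(ls -l /dev/geom.ctl)" and
# "$(cat /etc/group)"; here the constructed samples are used.
geom_ctl_readers "$SAMPLE_LS" "$SAMPLE_GROUP"
```
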