From: Peter Jeremy
Date: Sun, 9 Jan 2005 06:30:24 +1100
To: "Simon L. Nielsen"
Cc: Emanuel Strobl, freebsd-stable@freebsd.org, Pawel Jakub Dawidek
Subject: Re: GMIRROR can be destroyed by ordinary users

On Sat, 2005-Jan-08 19:54:56 +0100, Simon L. Nielsen wrote:
>On 2005.01.08 19:39:42 +0100, Pawel Jakub Dawidek wrote:
>> On Sat, Jan 08, 2005 at 04:33:14PM +0100, Simon L. Nielsen wrote:
>> +> I'm not really sure it is expected that you can do that when being in
>> +> the operator group.
>>
>> Yes. If you want to change it you should do:
>>
>> # chmod 600 /dev/geom.ctl
>
>Being in the operator group only gives read access to /dev/geom.ctl
>(it's root:operator crw-r-----) so I think it's somewhat counter
>intuitive that one can stop the mirror without write permission there.
>Wouldn't it be better to only allow stopping the mirror (and similar)
>if the user has write access to geom.ctl?

In some ways, it's not. The "operator" group is intended for users who
perform backups (they can read the disks and therefore perform dumps of
them). One approach to backing up mirrored systems is to detach one
mirror and back it up. Once the backup is finished, you re-attach the
mirror. Given this, it is reasonable for "operator"s to be able to
fiddle with mirrors.

This approach is mostly obsoleted by soft-updates snapshots but is
still relevant if:
- you aren't running soft-updates for any reason
- the filesystem is too dynamic and full for a snapshot to survive for
  the time needed for a backup.

However, overall, I would agree with Simon that being able to make
changes to a device that is opened read-only is counter-intuitive.

-- 
Peter Jeremy
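
The point made in this thread, that read access to /dev/geom.ctl was enough to stop a mirror, can be turned into an audit of who holds that access. This is an added example, not part of the original message or of FreeBSD; the function names are hypothetical, and it assumes group(5) and 7-field passwd(5) file formats.

```shell
#!/bin/sh
# Added example: audit who can reach the GEOM control device.
# Assumption taken from the thread: a read bit on /dev/geom.ctl is
# sufficient to issue control requests such as stopping a mirror.

# geom_ctl_exposure MODE -> "world", "group" or "owner-only"
# MODE is the 10-character string printed by `ls -l`, e.g. crw-r-----
geom_ctl_exposure() {
    g=$(printf '%s' "$1" | cut -c5)   # group read bit
    o=$(printf '%s' "$1" | cut -c8)   # other read bit
    if [ "$o" = "r" ]; then echo world
    elif [ "$g" = "r" ]; then echo group
    else echo owner-only
    fi
}

# group_members GROUP GROUPFILE PASSWDFILE -> sorted, space-separated users
# Counts both supplementary members (group file, field 4) and users whose
# primary gid (passwd file, field 4) is the group's gid.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    {
        awk -F: -v g="$1" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
        if [ -n "$gid" ]; then
            awk -F: -v id="$gid" '$4 == id { print $1 }' "$3"
        fi
    } | sort -u | paste -sd ' ' -
}

# audit_geom_ctl LS_LINE GROUPFILE PASSWDFILE -> one-line verdict
audit_geom_ctl() {
    mode=$(printf '%s\n' "$1" | awk '{ print $1 }')
    grp=$(printf '%s\n' "$1" | awk '{ print $4 }')
    case $(geom_ctl_exposure "$mode") in
        world) echo "FAIL: every local user can control GEOM" ;;
        group) echo "WARN: group $grp can control GEOM: $(group_members "$grp" "$2" "$3")" ;;
        *)     echo "OK: only the owner can control GEOM" ;;
    esac
}

# Run against the live system only where the device node exists.
if [ -c /dev/geom.ctl ]; then
    audit_geom_ctl "$(ls -l /dev/geom.ctl)" /etc/group /etc/passwd
fi
```

After the `chmod 600` suggested in the quoted reply, the mode string becomes `crw-------` and the audit reports the owner-only case.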