Date:      Wed, 29 Jan 2003 18:17:31 -0800
From:      Kirk McKusick <mckusick@beastie.mckusick.com>
To:        Jun Kuriyama <kuriyama@imgsrc.co.jp>
Cc:        Current <freebsd-current@FreeBSD.org>, Robert Watson <rwatson@tislabs.com>
Subject:   Re: dump -L and privilege 
Message-ID:  <200301300217.h0U2HVFL015158@beastie.mckusick.com>
In-Reply-To: Your message of "Fri, 17 Jan 2003 09:08:09 +0900." <7miswoocye.wl@black.imgsrc.co.jp>

	Date: Fri, 17 Jan 2003 09:08:09 +0900
	From: Jun Kuriyama <kuriyama@imgsrc.co.jp>
	To: mckusick@mckusick.com
	Cc: Current <freebsd-current@FreeBSD.org>
	Subject: dump -L and privilege
	X-ASK-Info: Confirmed by User

	I'm trying to use dump -L option to dump with snapshot on
	-current/RELENG_5_0 family.

	I found dump -L needs writable permission to the device (that's
	reasonable because it *writes* snapshot file).  But when I try to dump
	by operator group, it's impossible to dump with -L option (target
	device has root:operator and crw-r-----).

	This behavior is understandable.  But in actual backup operations,
	what should we do?  I'd like to hear what you thought in design.

	(1) Do dump as root with -L option.
	(2) Do chmod g+w for device.
	(3) Other ideas?


	-- 
	Jun Kuriyama <kuriyama@imgsrc.co.jp> // IMG SRC, Inc.
		     <kuriyama@FreeBSD.org> // FreeBSD Project

Sorry for the slow reply. I am just back from several weeks of
travel and am trying to get caught up on my email.

You have raised an important point here. By default (that is when
vfs.usermount == 0) only root is allowed to do mounts. Since dump -L
needs to do a snapshot, that can only be done by a root process.
I see two possible solutions to the problem. The first would be
to change the default for vfs.usermount == 1 and then have dump -L
create the snapshot in a directory owned by "operator" (or by
whatever user runs the dumps). Then the snapshot could be created,
used, and deleted by that user. The other alternative would be to
create a setuid-to-root program that would take a snapshot and
chown it to the user that does dumps. This setuid program could
then be invoked by dump -L to create a snapshot for it. I favor
the first approach, but there may be good security issues of which
I am unaware that make that a bad choice. Perhaps we could get
someone like Robert Watson to comment on these choices.

	Kirk McKusick
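
The second alternative in the reply above, a setuid-to-root program that takes the snapshot and chowns it to the dump user, has to decide where it is willing to create that file on the caller's behalf. The following is an added example, not code from this thread or from FreeBSD: `open_snapshot_dir` and its return codes are hypothetical, and it shows directory checks such a helper could run against the caller's real uid before creating anything.

```c
/* Added example: directory checks for a hypothetical setuid-root
 * snapshot helper. Function name and return codes are illustrative. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `dir` for a snapshot named `leaf` on behalf of real uid `ruid`.
 * Returns an fd for the directory, or a negative code for the check
 * that failed. */
int open_snapshot_dir(const char *dir, const char *leaf, uid_t ruid)
{
    struct stat sb;
    int fd;

    /* Absolute directory; leaf is a single plain name, not "." or "..". */
    if (dir[0] != '/' || leaf[0] == '\0' || strchr(leaf, '/') != NULL ||
        strcmp(leaf, ".") == 0 || strcmp(leaf, "..") == 0)
        return -1;
    /* O_NOFOLLOW: refuse a symlink as the final path component. */
    fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -2;
    /* Inspect the opened directory, not the path, so replacing the
     * path after this point does not change what was checked. */
    if (fstat(fd, &sb) != 0 || sb.st_uid != ruid) {
        close(fd);
        return -3;              /* not owned by the invoking user */
    }
    if (sb.st_mode & (S_IWGRP | S_IWOTH)) {
        close(fd);
        return -4;              /* other users could plant names here */
    }
    if (fstatat(fd, leaf, &sb, AT_SYMLINK_NOFOLLOW) == 0) {
        close(fd);
        return -5;              /* never reuse an existing name */
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s dir leaf\n", argv[0]); return 2; }
    /* getuid() is the real uid even when the binary is setuid root. */
    int fd = open_snapshot_dir(argv[1], argv[2], getuid());
    printf("%s/%s: %s (%d)\n", argv[1], argv[2], fd >= 0 ? "ok" : "rejected", fd);
    return fd >= 0 ? 0 : 1;
}
```

A helper built this way would still need to create the snapshot relative to the returned descriptor and refuse to proceed if the name appears in the meantime; that step is outside this example.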
