Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
Raul Miller writes ("Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices"):
> I've been looking at these bugs, and I can see no good reason for the 600
> permissions, nor the reason to avoid using the disk group.
I basically agree, but I'm going to try to play devil's advocate at
least a little bit (because I don't like decisions made in a vacuum).
In the bug report the only thing resembling a technical objection to
the 660 root.disk mode is the complaint that this makes the disk group
equivalent to root. This seems to me to be largely true. For this
very reason, on my own systems I generally have disk devices 640
Do we know whether Amanda would work with 640 root.disk ?
> There also seems to be some huge confusion about where responsibility for
> setting permissions and group should be handled.
> Here's what I currently see suggested:
> 1) change devmapper defaults -- patch rejected, no reason given
Certainly I agree that the defaults should be changed.
> I've also seen the suggestion that we should have an explicit technical policy
> that block devices should default to having 660 permissions with owner root
> and group disk. I don't have any objections to such a policy, but I don't
> see that solving this problem should wait on the adoption of this policy.
Quite so. (Modulo my comments about the exact mode, above.)
> Finally, I don't see any reasoning given for things being the way they are
> currently. There might be some such reason, but I'm a bit dubious --
> if there was a good reason, why wasn't it spelled out months ago?
Indeed. I think the committee's ruling should explicitly castigate
the devmapper maintainer for failing to engage constructively with any
of the submitters. This is outside our primary scope of course but we
are entitled by our remit to make formal position statements about any
matter, and it seems legitimate for us to criticise the way someone
has handled a disagreement.
> Based on what I've seen so far, I'd recommend that the defaults for
> devmapper be changed using Roger Leigh's 7 Dec patch from the
> 329409 bug report be adopted, that Bdale Garbee's 19 Nov patch
> from the same bug report be adopted, and that policy be changed
> to specify the default group and permissions for disk devices.
I agree, if we can settle my quibble about group-write.
We should also explicitly suggest that an NMU would be appropriate if
the maintainer chooses not to get around to applying the patches.
> I'm hoping someone can tell me what I've overlooked -- what is so
> important here that's prevented this issue from being resolved?
I can't see it and the responsible package maintainer doesn't seem to
be telling us.
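
Added example, not part of the original message or of any Debian package: a small audit that reports which block device nodes give their group (or others) read or write access, covering the 600, 640 and 660 modes discussed in the thread. The sample paths and the use of gid 6 for the disk group are constructed assumptions.

```python
import os
import stat

def group_access(st_mode):
    """Describe non-owner access to a block device node; None if not a block device."""
    if not stat.S_ISBLK(st_mode):
        return None
    perms = stat.S_IMODE(st_mode)
    access = []
    if perms & stat.S_IRGRP:
        access.append("group-read")    # group can read the raw contents of the device
    if perms & stat.S_IWGRP:
        access.append("group-write")   # group can rewrite the device underneath the filesystem
    if perms & (stat.S_IROTH | stat.S_IWOTH):
        access.append("other-access")  # exposed beyond owner and group
    return access

def audit(nodes):
    """nodes: iterable of (path, st_mode, uid, gid). Return one report row per block device."""
    rows = []
    for path, st_mode, uid, gid in nodes:
        access = group_access(st_mode)
        if access is not None:
            rows.append((path, "%03o" % stat.S_IMODE(st_mode), uid, gid, access))
    return rows

def scan(root="/dev"):
    """Yield (path, st_mode, uid, gid) for entries under root, without following symlinks."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # node vanished or is unreadable; skip it
            yield path, st.st_mode, st.st_uid, st.st_gid

# Constructed sample: the three modes discussed in the thread, plus a non-block entry.
# gid 6 stands in for the disk group (assumption).
SAMPLE = [
    ("/dev/mapper/example-600", stat.S_IFBLK | 0o600, 0, 0),
    ("/dev/mapper/example-640", stat.S_IFBLK | 0o640, 0, 6),
    ("/dev/mapper/example-660", stat.S_IFBLK | 0o660, 0, 6),
    ("/dev/null", stat.S_IFCHR | 0o666, 0, 0),
]

if __name__ == "__main__":
    for row in audit(scan()) or audit(SAMPLE):
        print(*row)
```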