Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
On Tue, Dec 13, 2005 at 03:55:01PM +0000, Ian Jackson wrote:
> > 1) change devmapper defaults -- patch rejected, no reason given
> Certainly I agree that the defaults should be changed.
At least in my point of view, a default is something which can be
changed easily, maybe in a config file. In this case, it is no default,
it is the value which anything gets.
> > I've also seen the suggestion that we should have an explicit technical policy
> > that block devices should default to having 660 permissions with owner root
> > and group disk. I don't have any objections to such a policy, but I don't
> > see that solving this problem should wait on the adoption of this policy.
> Quite so. (Modulo my comments about the exact mode, above.)
This breaks anything which wants to use group cdrom for cdrom access
without manual intervention.
> > Finally, I don't see any reasoning given for things being the way they are
> > currently. There might be some such reason, but I'm a bit dubious --
> > if there was a good reason, why wasn't it spelled out months ago?
"Secure by default" is no reason? You can always overwrite it at
runtime.
> I agree, if we can settle my quibble about group-write.
If the above doesn't apply, 666 is also a valid setting.
Bastian
--
Each kiss is as the first.
-- Miramanee, Kirk's wife, "The Paradise Syndrome",
stardate 4842.6