
Re: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices



Bastian Blank writes ("Re: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices"):
> On Tue, Dec 13, 2005 at 03:55:01PM +0000, Ian Jackson wrote:
> > [Raul Miller:]
> > > 1) change devmapper defaults -- patch rejected, no reason given
> > Certainly I agree that the defaults should be changed.
> 
> At least in my point of view, a default is something which can be
> changed easily, maybe in a config file. In this case, it is no default,
> it is the value which anything gets.

You seem to be saying that there is no way to override the setting.
Which proposed setting are you talking about here - the change in the
call to configure, or some other change ?

How do you think this problem should be solved ?

> > > I've also seen the suggestion that we should have an explicit
> > > technical policy that block devices should default to having 660
> > > permissions with owner root and group disk.  [...]
> 
> This breaks anything which wants to use group cdrom for cdrom access
> without manual intervention.

Obviously the policy language would have to be carefully worded to
ensure that it applied to disks and not (eg) to cdrom devices.

> > > Finally, I don't see any reasoning given for things being the
> > > way they are currently.  There might be some such reason, but
> > > I'm a bit dubious -- if there was a good reason, why wasn't it
> > > spelled out months ago?
> 
> "Secure by default" is no reason? You can always overwrite it on
> runtime.

Are you saying that the current default permissions on (eg) /dev/hda*
are insecure and therefore wrong ?  If they are, what significant good
does it do to make the lvm devices inaccessible to group disk (since
it is possible to avoid going through LVM to access the disks
directly).

> > I agree, if we can settle my quibble about group-write.
> 
> If the upper don't apply, 666 is also a valid setting.

This is some kind of straw man.

Is the problem with your participation in this discussion that English
isn't your native language ?  If not, please let us know and perhaps
we can get someone to help translate.

Ian.


