Re: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices

To: Ian Jackson <ian@davenant.greenend.org.uk>
Cc: moth@debian.org, debian-ctte@lists.debian.org, 342455@bugs.debian.org
Subject: Re: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
From: Bastian Blank <waldi@debian.org>
Date: Fri, 16 Dec 2005 14:08:38 +0100
Message-id: <[🔎] 20051216130838.GA26196@wavehammer.waldi.eu.org>
Mail-followup-to: Bastian Blank <waldi@debian.org>, Ian Jackson <ian@davenant.greenend.org.uk>, moth@debian.org, debian-ctte@lists.debian.org, 342455@bugs.debian.org
In-reply-to: <[🔎] 17312.9253.155145.637420@davenant.relativity.greenend.org.uk>
References: <[🔎] 20051207225054.GA1021@whinlatter.ukfsn.org> <[🔎] d0461dbe0512111347r77ebec8p3f8389299bd730b9@mail.gmail.com> <[🔎] 17310.61141.261977.637517@davenant.relativity.greenend.org.uk> <[🔎] 20051214100007.GA31043@wavehammer.waldi.eu.org> <[🔎] 17312.9253.155145.637420@davenant.relativity.greenend.org.uk>

On Wed, Dec 14, 2005 at 01:54:45PM +0000, Ian Jackson wrote:
> Bastian Blank writes ("Re: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices"):
> > On Tue, Dec 13, 2005 at 03:55:01PM +0000, Ian Jackson wrote:
> > > [Raul Miller:]
> > > > 1) change devmapper defaults -- patch rejected, no reason given
> > > Certainly I agree that the defaults should be changed.
> > At least in my point of view, a default is something which can be
> > changed easily, maybe in a config file. In this case, it is no default,
> > it is the value which anything gets.
> You seem to be saying that there is no way to override the setting.
> Which proposed setting are you talking about here - the change in the
> call to configure, or some other change ?

The first.

> How do you think this problem should be solved ?

Add an interface to change the setting on device creation and delegate
the problem to the tools.

> > > > I've also seen the suggestion that we should have a explicit
> > > > technical policy that block devices should default to having 660
> > > > permissions with owner root and group disk.  [...]
> > This breaks anything which wants to use group cdrom for cdrom access
> > without manual intervention.
> Obviously the policy language would have to be carefully worded to
> ensure that it applied to disks and not (eg) to cdrom devices.

devmapper don't provide disks. It provides a view (in the SQL meaning)
of block devices.

> Are you saying that the current default permissions on (eg) /dev/hda*
> are insecure and therefore wrong ?

Yes, I overwrite them on my machines.

>                                     If they are, what significant good
> does it do to make the lvm devices inaccessible to group disk (since
> it is possible to avoid going through LVM to access the disks
> directly).

deviver-mapper uses major and minor for the communication, only the
userspace tools uses the devices to read data or just map them to the
device number.

> Is the problem with your participation in this discussion that English
> isn't your native language ?

Yes, it is one.

Bastian

-- 
Even historians fail to learn from history -- they repeat the same mistakes.
		-- John Gill, "Patterns of Force", stardate 2534.7

Reply to:

Follow-Ups:
- Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
  - From: Raul Miller <moth.debian@gmail.com>

References:
- tech-ctte: Ownership and permissions of device mapper block devices
  - From: Roger Leigh <rleigh@debian.org>
- Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
  - From: Raul Miller <moth.debian@gmail.com>
- Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
  - From: Ian Jackson <ian@davenant.greenend.org.uk>
- Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
  - From: Bastian Blank <waldi@debian.org>
- Re: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
  - From: Ian Jackson <ian@davenant.greenend.org.uk>

Prev by Date: Re: Processed: reassign 341839 to tech-ctte
Next by Date: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
Previous by thread: Re: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
Next by thread: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
Index(es):
- Date
- Thread