
Re: Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bastian Blank <waldi@debian.org> writes:

> On Tue, Dec 13, 2005 at 03:55:01PM +0000, Ian Jackson wrote:
>> > 1) change devmapper defaults -- patch rejected, no reason given
>> Certainly I agree that the defaults should be changed.
>
> At least in my point of view, a default is something which can be
> changed easily, maybe in a config file. In this case, it is no default,
> it is the value which anything gets.

No.  A default is what happens in the *absence* of any configuration,
i.e. what is compiled into the devmapper packages.

$ dict default
- From WordNet (r) 2.0 (August 2003) [wn]:

  default
      4: an option that is selected automatically unless an
         alternative is specified [syn: {default option}]

>> > I've also seen the suggestion that we should have an explicit
>> > technical policy that block devices should default to having 660
>> > permissions with owner root and group disk.  I don't have any
>> > objections to such a policy, but I don't see that solving this
>> > problem should wait on the adoption of this policy.
>> Quite so.  (Modulo my comments about the exact mode, above.)
>
> This breaks anything which wants to use group cdrom for cdrom access
> without manual intervention.

No one suggested that this would apply to CD-ROM devices.  They aren't
disk block devices.

>> > Finally, I don't see any reasoning given for things being the way they are
>> > currently.  There might be some such reason, but I'm a bit dubious --
>> > if there was a good reason, why wasn't it spelled out months ago?
>
> "Secure by default" is no reason? You can always overwrite it on
> runtime.

By default, no user belongs to group disk, so it is secure.  The
system administrator has to take special steps to make it insecure.

The amanda-common postinst adds the backup user to the disk and tape
groups, for example.  The backup *system* user exists solely for the
purpose of creating and restoring backups, and is equivalent to user
nobody but with disk and tape access.  You could consider it
"equivalent to root", since it does have full system access, but it's
only ever used from e.g. /etc/cron.d.


Regards,
Roger

- -- 
Roger Leigh
                Printing on GNU/Linux?  http://gimp-print.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iD8DBQFDpAm8VcFcaSW/uEgRAgrRAKDmkLBpHXBH9GNL3CCktgz2q3xUAACcDS7W
KmL48TPLrrqzDBBQ3Pv+Wak=
=Cjae
-----END PGP SIGNATURE-----
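
The check discussed in this message (block devices at mode 660, owner root, group disk, with membership of group disk being what grants raw access) can be audited as below. This is an added example, not part of the original mail or of any Debian package; the device names, group file contents and function names are constructed for illustration.

```python
import stat

# Constructed sample data (assumption, not from the original message).
# /etc/group format: name:password:gid:comma-separated supplementary members
SAMPLE_GROUP = """\
root:x:0:
disk:x:6:backup
tape:x:26:backup
cdrom:x:24:alice
"""
# (path, st_mode, owner, group), as os.stat() plus pwd/grp lookups would give
SAMPLE_NODES = [
    ("/dev/sda1", stat.S_IFBLK | 0o660, "root", "disk"),
    ("/dev/mapper/vg0-root", stat.S_IFBLK | 0o600, "root", "root"),
    ("/dev/mapper/vg0-tmp", stat.S_IFBLK | 0o666, "root", "disk"),
    ("/dev/mapper/control", stat.S_IFCHR | 0o600, "root", "root"),
]

def group_members(group_text, name):
    """Supplementary members of `name`; every one of them can read and
    write raw disks. Users whose primary group is `name` are listed in
    /etc/passwd and are not covered by this function."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == name:
            return [m for m in fields[3].split(",") if m]
    return []

def audit_block_nodes(nodes, mode=0o660, owner="root", group="disk"):
    """Map each block device node that deviates from the policy to a verdict."""
    findings = {}
    for path, st_mode, node_owner, node_group in nodes:
        if not stat.S_ISBLK(st_mode):
            continue  # character devices are outside this policy
        perms = stat.S_IMODE(st_mode)
        if perms & 0o006:
            findings[path] = "world-accessible"
        elif (perms, node_owner, node_group) != (mode, owner, group):
            findings[path] = "differs from policy"
    return findings

if __name__ == "__main__":
    print("disk group members:", group_members(SAMPLE_GROUP, "disk"))
    for path, verdict in audit_block_nodes(SAMPLE_NODES).items():
        print(f"{path}: {verdict}")
```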


