Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices
On Tue, Dec 20, 2005 at 12:35:00AM -0500, Raul Miller wrote:
> I'm trying to ask why you are unwilling to have devmapper disks provide
> a default of root.disk 660? Why can't you allow that to be the default?
You can always make permissions less strict, you can't make them more
strict, as the checks are only done on open.
> Is there some reason you can't implement your personally preferred
> policy of root.root 600 on just your own system? Is there some reason
> for projecting your personal policies incompletely onto an arbitrary
> subset of debian's users?
Huh? 10 people are an arbitrary subset?
> Is there something about this question I'm asking which doesn't make
> sense to you?
Yes, there seems to be one tool (named amanda) which uses the devices
directly without the POSIX compliant capability CAP_DAC_READ which is
there for backup reasons.
> You seem to be asserting: "a malicious person who handles backups could
> use the disk group to obtain root access, so you should force backup programs
> to run as root." But that does not seem to be a reasonable position:
I never said that they should run as root.
> (1) There are risks other than malicious people -- by ensuring backup programs
> don't have to run as root, we minimize the risks that such programs will do
> something they weren't designed to do.
Many tools have additional checks to never do anything as root. Now you
have just another user with the same rights.
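The point above, that permission checks are done only at open() and so a mode can be loosened after the fact but never effectively tightened against a descriptor that is already open, can be shown directly. The following is an added example, not part of the original thread and not code from devmapper or amanda; it uses a regular temporary file as a stand-in for a device node (an assumption, since creating real block devices needs root) and a hypothetical helper named open_then_restrict():

```python
import os
import tempfile


def open_then_restrict():
    """Show that DAC permission checks are applied at open() time only.

    A regular file in a temporary directory stands in for a device node
    (assumption: creating real block devices requires root).  The file is
    opened while it is 0660, then chmod'ed to 0000; the already-open
    descriptor keeps working, while a fresh open() is refused for a
    non-root caller.  Root (CAP_DAC_OVERRIDE) bypasses the check, so the
    result also records whether the caller's euid is 0.
    """
    payload = b"constructed stand-in for raw partition bytes\n"
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "dm-0")
    with open(path, "wb") as f:
        f.write(payload)

    results = {"euid_is_root": os.geteuid() == 0}
    try:
        os.chmod(path, 0o660)
        fd = os.open(path, os.O_RDONLY)   # DAC check happens here, against 0660
        os.chmod(path, 0o000)             # tighten the mode after the fact

        # The kernel never re-checks an open descriptor: reads still succeed.
        os.lseek(fd, 0, os.SEEK_SET)
        results["existing_fd_readable"] = os.read(fd, len(payload)) == payload
        os.close(fd)

        # A new open() sees the stricter mode and is refused (unless root).
        try:
            fd2 = os.open(path, os.O_RDONLY)
            os.close(fd2)
            results["reopen_denied"] = False
        except PermissionError:
            results["reopen_denied"] = True

        # Loosening takes effect immediately: the next open() passes.
        os.chmod(path, 0o660)
        fd3 = os.open(path, os.O_RDONLY)
        os.close(fd3)
        results["reopen_after_loosen_ok"] = True
    finally:
        os.chmod(path, 0o600)
        os.unlink(path)
        os.rmdir(tmpdir)
    return results


if __name__ == "__main__":
    for key, value in open_then_restrict().items():
        print(f"{key}: {value}")
```

The same holds for a device node under /dev: a process that opened /dev/mapper/foo while the node was root.disk 0660 keeps its read access to the raw bytes after an administrator changes the node to 0600, which is why the default shipped by the package matters more than any later tightening.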