[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices

* Bastian Blank (waldi@debian.org) wrote:
> > Is there some reason you can't have implement your personally preferred
> > policy of root.root 600 on just your own system?  Is there some reason
> > for projecting your personal policies incompletely onto an arbitrary
> > subset of debian's users?
> Hu? 10 people are an arbitrary subset?

I expect it's more than 10.  I know that I'm one of the folks following
along here and trying to understand why you can't manage to do what
every other block-device-creating maintainer does.

> I never said, that they should run as root.
> Many tools have additional checks to never do anything as root. Now you
> have just another user with the same rights.

You're contradicting yourself here.  Disk block devices have a specific,
standard permission setup in Debian.  Packages which create disk block
devices need to follow this standard.  

There really isn't anything else to discuss.  I don't particularly care
that you don't like amanda, you're wrong to think that making it be 600
is any more secure by default, no one seems to be jumping to bolster
your claims, and depending on a check to make sure one isn't running as
root to enforce security sounds like a rather serious problem to begin
with.  Consider that there are *many* other users whom it would be bad
to run as mistakenly (someone in the shadow group? Or the Postgres group
on your primary database server?).



Attachment: signature.asc
Description: Digital signature

Reply to: