On Fri, Feb 10, 2006 at 04:29:39PM +0000, Ian Jackson wrote:
> Raul Miller writes ("Re: #342455"):
> > I agree that the devmapper default should match other
> > debian defaults, and vice-versa.
> If I may try to channel Bastian Blank for a moment:
> The proposed change to devmapper changes the permissions for all block
> devices, doesn't it ? Whereas the other debian defaults vary from one
> kind of device to another. For example, floppies are g+w floppy.
So which devmapper devices are people using on which it would be wrong to
grant access to the "disk" group? /dev/loop* are also group: disk, as are
removable USB mass-storage devices; I've never heard of anyone building a VG
on top of a floppy or a cdrom, which are AFAIK the only exceptions to the
usual permissions among block devices.
> For changing the `default' by changing the permissions at device
> creation time at the very least introduces a race, where the device
> briefly has the default permissions; if the defaults are maximally
> restrictive then this is OK. But unless you think that group disk is
> supposed to be maximally powerful then this means that the device will
> (probably momentarily) have overly-weak permissions.
So this objection is based on the assumption that users may want to *not*
grant group: disk access to their block devices? Is that actually a
scenario worth supporting? I mean, if you have users that you don't want to
have access to your block devices, why are they in group disk?
Otherwise, having access to the underlying block devices means having access
to meddle with anything on the LVM devices as well.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature