GMIRROR can be destroyed by ordinary users
Simon L. Nielsen
simon at FreeBSD.org
Sat Jan 8 07:33:15 PST 2005
On 2005.01.08 15:49:16 +0100, Emanuel Strobl wrote:
> Am Samstag, 8. Januar 2005 15:41 schrieb Simon L. Nielsen:
>
> > > I think it's a big error that ordinary users can issue a 'gmirror
> > > stop /dev/mirrir/sample' with success!
> >
> > Are you sure about that? I can't do it on my test system:
> >
> > [simon at trillian:~] gmirror stop /dev/mirror/sys0
> > Permission denied
>
> I'm quiet sure because I accidentally did it once, but unfortnately now I
> don't have a test machine. The only "not so ordinary" about my user is that
> it's in the group wheel. If you have a test machine, could you find out if
> that's the error?
My user was also in wheel so that should not be the problem. If your
user is in operator it might be another matter though (new test):
[simon at trillian:~] id
uid=2000(simon) gid=2000(simon) groups=2000(simon), 0(wheel), 5(operator), 68(dialer)
[simon at trillian:~] ll /dev/mirror/sys0
crw-r----- 1 root operator 233, 3 Jan 6 11:23 /dev/mirror/sys0
[simon at trillian:~] gmirror stop sys0
Cannot destroy device sys0 (error=16).
[simon at trillian:~] gmirror stop -f sys0
<hang>
I don't have a console on the system right now but I assume it got
unhappy that I pulled the device under the file system :-).
I'm not really sure it is expected that you can do that when being in
the operator group.
--
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050108/cc44694d/attachment.bin
More information about the freebsd-stable
mailing list