GMIRROR can be destroyed by ordinary users

Peter Jeremy PeterJeremy at
Sat Jan 8 11:30:30 PST 2005

On Sat, 2005-Jan-08 19:54:56 +0100, Simon L. Nielsen wrote:
>On 2005.01.08 19:39:42 +0100, Pawel Jakub Dawidek wrote:
>> On Sat, Jan 08, 2005 at 04:33:14PM +0100, Simon L. Nielsen wrote:
>> > I'm not really sure it is expected that you can do that when being in
>> > the operator group.
>> Yes. If you want to change it you should do:
>> 	# chmod 600 /dev/geom.ctl
>Being in the operator group only gives read access to /dev/geom.ctl
>(it's root:operator crw-r-----) so I think it's somewhat counter
>intuitive that one can stop the mirror without write permission there.
>Wouldn't it be better to only allow stopping the mirror (and similar)
>if the user has write access to geom.ctl?

In some ways, it's not.  The "operator" group is intended for users
who perform backups (they can read the disks and therefore perform
dumps of them).  One approach to backing up mirrored systems is to
detach one mirror and back it up.  Once the backup is finished, you
re-attach the mirror.  Given this, it is reasonable for "operator"s
to be able to fiddle with mirrors.

This approach is mostly obsoleted by soft-updates snapshots but is
still relevant if:
- you aren't running soft-updates for any reason
- the filesystem is too dynamic and full for a snapshot to survive for
  the time needed for a backup.

However, overall, I would agree with Simon that being able to make
changes to a device that is opened read-only is counter-intuitive.

Peter Jeremy
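
The "detach one component, back it up, re-attach it" cycle described in
the message above, as an added example. This is not code from the thread
or from FreeBSD; it is a small sh script that by default (GM_DRY_RUN=1)
only prints the gmirror(8)/dump(8) commands it would run, so it can be
read and tested on a machine without gmirror, and executes them when
GM_DRY_RUN=0. Names not taken from the page and assumed here: the mirror
is gm0, the component disk is ada1, the filesystem to dump on that disk
is ada1a, the dump target is /backup/gm0.dump, and "gmirror status -s"
is assumed to print one "mirror/NAME STATUS COMPONENT (STATE)" line per
component.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD: detach one
# gmirror component, dump it, re-attach it. Dry-run by default.
# Assumed names (not from the page): gm0, ada1, ada1a, /backup/gm0.dump.

GM_DRY_RUN="${GM_DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run_cmd() {
    if [ "$GM_DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Read "gmirror status -s" style lines on stdin; succeed only if MIRROR
# is COMPLETE and COMP is one of its ACTIVE components. Detaching from a
# DEGRADED or still-synchronizing mirror could leave no up-to-date copy,
# so the caller refuses in that case. (Line format is an assumption.)
mirror_ready_to_detach() {
    mirror="$1" comp="$2"
    awk -v m="mirror/$mirror" -v c="$comp" '
        $1 == m && $2 != "COMPLETE" { bad = 1 }
        $1 == m && $3 == c && $4 == "(ACTIVE)" { found = 1 }
        END { exit !(found && !bad) }
    '
}

# Remove COMP from MIRROR (gmirror clears its metadata, so the disk and
# its partitions become plain providers again), dump filesystem FSDEV
# from it, then insert it back (which starts a full resynchronization).
# The insert is attempted even if dump fails so the mirror is not left
# with a single component by mistake.
mirror_backup() {
    mirror="$1" comp="$2" fsdev="$3" target="$4"
    run_cmd gmirror remove "$mirror" "$comp" || return 1
    if run_cmd dump -0auf "$target" "/dev/$fsdev"; then rc=0; else rc=1; fi
    run_cmd gmirror insert "$mirror" "$comp" || rc=1
    return $rc
}

# Constructed sample of "gmirror status -s" output for the offline run.
SAMPLE_STATUS='mirror/gm0  COMPLETE  ada0 (ACTIVE)
mirror/gm0  COMPLETE  ada1 (ACTIVE)'

if [ "$GM_DRY_RUN" = "1" ]; then
    status_input="$SAMPLE_STATUS"
else
    status_input=$(gmirror status -s)
fi

if printf '%s\n' "$status_input" | mirror_ready_to_detach gm0 ada1; then
    mirror_backup gm0 ada1 ada1a /backup/gm0.dump
else
    echo "gm0 is not COMPLETE with ada1 ACTIVE; refusing to detach" >&2
fi
```

Two things worth keeping in mind when running this for real: between the
remove and the end of the resync that insert triggers, the mirror has
only one up-to-date copy, so the window is as long as the dump plus the
resync, not just the dump; and, as the thread points out, the remove and
insert go through /dev/geom.ctl, which a member of operator can drive
even though that group only has read permission on the device, so
whoever can run this script can also break the mirror without any extra
privilege.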

More information about the freebsd-stable mailing list