[Bug 232021] zfs cannot mount 'dataset': Insufficient privileges
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Oct 9 07:55:58 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232021
--- Comment #14 from Oleg <supportsobaka at mail.ru> ---
(In reply to Allan Jude from comment #13)
Bob can unmount /etc or destroy it when permissions delegated incorrectly.
Don't delegate mountpoint permissions if don't want allow mount to /etc.
And so on... this all about acts of admin who configures the system what to
allow and what not to allow. Moreover, in my case unprivileged user is managed
by the same person, i.e. me and/or replication scripts that run from that user
cannot be modified to allow dangerous acts.
What really looks "oddly asymmetrical" to me is that VFCF_DELEGADMIN flag is
not checked on mount but unmount only. I would like to get a patch to change
this behavior or additional dangerous sysctl that will allow mount to anywhere
for unprivileged user.
I guess the problem here that vfs.usermount has an effect to any user, not just
the one related with delegated permissions with zfs. Right? If so, then I see
why "Mounting is more dangerous". In that case the best solution will be to
have individual sysct for both mount and unmount in relation with zfs
permission delegation subsystem only... or just leave vfs.usermount for
anything else except zfs delegation subsystem and add another permission
"unmount" for zfs allow... something like that should cover all scenarios.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list