Bug#342455: tech-ctte: Ownership and permissions of device mapper block devices

Tue, 13 Dec 2005 09:48:39 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ian Jackson <[EMAIL PROTECTED]> writes:

> Raul Miller writes ("Bug#342455: tech-ctte: Ownership and permissions of 
> device mapper block devices"):
>> I've been looking at these bugs, and I can see no good reason for the 600
>> permissions, nor the reason to avoid using the disk group.
>
> I basically agree, but I'm going to try to play devil's advocate at
> least a little bit (because I don't like decisions made in a vacuum).
>
> In the bug report the only thing resembling a technical objecting to
> the 660 root.disk mode is the complaint that this makes the disk group
> equivalent to root.  This seems to be me to be largely true.  For this
> very reason, on my own systems I generally have disk devices 640
> root.disk.
>
> Do we know whether Amanda would work with 640 root.disk ?

I've just tested this on a company machine.  /usr/sbin/amcheck appears
to work correctly, but I can't risk leaving the perms changed for the
real backup run tonight.  Since I'm using tar (as opposed to dump or
restore), I'm not certain the permissions actually have any effect in
this case (because the filesystem is already mounted, tar can just use
that; it doesn't even have to mount it).

If you were using dump and restore, you would presumably need read and
read+write permissions respectively, so IMO 0660 is the correct
default in this situation, especially if you account for folks who do
backups without amanda, but still make use of the disk group.


Regards,
Roger

- -- 
Roger Leigh
                Printing on GNU/Linux?  http://gimp-print.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iD8DBQFDnwObVcFcaSW/uEgRAm79AKCuqkXZDiSux7Ntoa9GwXd4SoYHQACfevdr
j6PLegyQSvwmMTJW+vXlnyk=
=5/8t
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to