(see links to patchset at end of mail)

While btrfs-progs offer the all-inclusive "btrfs" command, it gets pretty cumbersome to restrict privileges to the subcommands. Common approaches are to either setuid root for "/sbin/btrfs" (which is not recommended at all), or to write special sudo rules for each subcommand needed.

As a sysadmin, I like to see separate binaries for each task, so that I can easily set elevated privileges (capabilities or setuid) on each of them. A typical use case where this is needed is when it comes to automated scripts, in my case creating snapshots and send/receive them via ssh (automated by btrbk).

I hacked a little proof-of-concept on top of btrfs-progs, which adds some extra binaries for specific tasks, with the result looking like this:

    # ls -l /usr/bin/btrfs-*
    -rwxr-x--- 1 root btrfs [...] /usr/bin/btrfs-receive
    -rwxr-x--- 1 root btrfs [...] /usr/bin/btrfs-send
    -rwxr-x--- 1 root btrfs [...] /usr/bin/btrfs-subvolume-list
    -rwxr-x--- 1 root btrfs [...] /usr/bin/btrfs-subvolume-show
    -rwxr-x--- 1 root btrfs [...] /usr/bin/btrfs-subvolume-snapshot

    # getcap /usr/bin/btrfs-*
    /usr/bin/btrfs-receive = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_admin,cap_mknod+ep
    /usr/bin/btrfs-send = cap_dac_read_search,cap_sys_admin+ep
    /usr/bin/btrfs-subvolume-list = cap_dac_read_search,cap_sys_admin+ep
    /usr/bin/btrfs-subvolume-show = cap_dac_read_search,cap_sys_admin+ep
    /usr/bin/btrfs-subvolume-snapshot = cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_admin+ep

On the remote hosts I now simply need to install these binaries (e.g. "btrfs-subvolume-snapshot" and "btrfs-send" for backup sources), and make sure the user calling them is in the 'btrfs' group. This gives me a good feeling of a simple and secure system.

The patch needed to achieve this is pretty straight-forward, and if you are interested I will gladly work on a clean implementation for btrfs-progs.

The patchset (proof-of-concept) is here:

    https://github.com/digint/btrfs-progs/tree/separated_executables

Complete diff to v4.5.2 here:

    https://github.com/digint/btrfs-progs/compare/master...digint:separated_executables

A (also very experimental) gentoo ebuild for this is available in digint-overlay, "sys-fs/btrfs-progs-suid":

    git://dev.tty0.ch/portage/digint-overlay.git
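
Added example (not part of the original mail or the patchset): a POSIX sh check that compares getcap output against the per-binary capability sets listed in the mail and reports any binary that carries more than its listed set, or that is not listed at all. The function names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of btrfs-progs or the patchset.
# Baseline: the per-binary capability sets listed in the mail.
baseline() {
cat <<'EOF'
/usr/bin/btrfs-receive cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_admin,cap_mknod
/usr/bin/btrfs-send cap_dac_read_search,cap_sys_admin
/usr/bin/btrfs-subvolume-list cap_dac_read_search,cap_sys_admin
/usr/bin/btrfs-subvolume-show cap_dac_read_search,cap_sys_admin
/usr/bin/btrfs-subvolume-snapshot cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_admin
EOF
}

# audit_caps (hypothetical name): reads getcap output on stdin, prints one
# finding per line, and returns 1 if anything exceeds the baseline.
audit_caps() {
    rc=0
    while read -r path rest; do
        [ -n "$path" ] || continue
        rest=${rest#= }        # drop the " = " separator if present
        caps=${rest%%[+=]*}    # strip the flag suffix such as "+ep"
        allowed=$(baseline | awk -v p="$path" '$1 == p { print $2 }')
        if [ -z "$allowed" ]; then
            echo "UNLISTED $path $caps"; rc=1; continue
        fi
        for c in $(printf '%s' "$caps" | tr ',' ' '); do
            case ",$allowed," in
                *",$c,"*) ;;                      # capability is in the baseline
                *) echo "EXTRA $path $c"; rc=1 ;; # capability beyond the baseline
            esac
        done
    done
    return $rc
}

# Constructed sample input: btrfs-send has gained cap_dac_override, and the
# all-inclusive /usr/bin/btrfs carries a capability although it is unlisted.
sample_getcap() {
cat <<'EOF'
/usr/bin/btrfs = cap_sys_admin+ep
/usr/bin/btrfs-send = cap_dac_override,cap_dac_read_search,cap_sys_admin+ep
/usr/bin/btrfs-subvolume-list = cap_dac_read_search,cap_sys_admin+ep
EOF
}

sample_getcap | audit_caps || echo "capability drift detected"
```

On a real host the input would come from "getcap /usr/bin/btrfs-* | audit_caps", with the baseline trimmed to the binaries installed there.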