Dan Price wrote: > I know that at some point the performance guys wanted to make sync's by > non-root users do nothing, but IIRC it was deemed too risky or something. > Maybe we should go do that for Nevada. Anyone in request-sponsor land > have some background info they could point us at?
For want of a better place to discuss this I'm directing this to security discuss. Personally I depend on the fact that I can sync as a non root user. I might be paranoid or being silly but any time I hear thunderclaps I type sync. I also do it to when my laptop battery is getting low. If you were to modify sync you would also need to modify lockfs so that lockfs -f doesn't work without privilege either. I think these might be ideally specified as basic privileges, that is all users have them by default (just like the ability to see the existence of others processes in ps output) but they can be removed by the system admin. -- Darren J Moffat