Summary: | sys-fs/zfs-fuse should be running as "root:root" instead of "daemon:disk" | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | John W Eckhart <jweckhart> |
Component: | New packages | Assignee: | Christian Parpart (RETIRED) <trapni> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bug, lists, ssuominen |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
Patch to run daemon as root user, which seems appropriate for a daemon accessing physical discs
working rc-script with root-privileges |
Description
John W Eckhart
2008-10-16 19:18:35 UTC
Created attachment 168704 [details, diff]
Patch to run daemon as root user, which seems appropriate for a daemon accessing physical discs
First of all, zfs-fuse does — as far as I know — not not need physical discs per se. So there should be an option. Like the “chroot” use flag, but maybe “physical”, to enable physical disk access functionality/right at install time. :) Then: Why is this patch (thank you for the work :) not in the portage tree yet? This is from nearly half a year ago! I see this quite often. Developers doing great work, fixing bugs, and this work then getting thrown away, by not ever putting it inside portage. And quite frankly: If the person who is not doing it, is overworked and/or can’t handle it, he should at least say so. No problem with that. We can help! :) Who do I contact, or how do I do it myself, to fix this? Hey guys, sorry for the late response, i've been overseas, however, I do not actually think, that every daemon has to run in with root privileges, especially where physical disks (by default) have the "disk" group assigned and are group read-/writable. Please correct me if i'm wrong, but with the above assumtion, it is more save to setuid/setgid into a non-root privileges. however, IF ppl still feel uncomfortable with root privilege dropping, I feel fine with adding a configuration variable that leave the administrator the option to override default "daemon:disk" service privileges. (In reply to comment #3) > Please correct me if i'm wrong, but with the above assumtion, it is more safe > to setuid/setgid into a non-root privileges. No, you are absolutely right. :) > however, IF ppl still feel uncomfortable with root privilege dropping, I feel > fine with adding a configuration variable that leave the administrator the > option to override default "daemon:disk" service privileges. Well, Gentoo is about choice and freedom. You never know when someone may really need it. Ok, if you can prove that nobody needs it, the better. :) But if it’s not feeling like a stupid loss of time… why not? :) In the end, it‘s your time, so you do, what you like the most. :) The same problem is still there for zfs-fuse 0.6.9. The init script should start the zfs-fuse binary with root-privileges. Comment on attachment 168704 [details, diff]
Patch to run daemon as root user, which seems appropriate for a daemon accessing physical discs
This patch seems to be doing the opposite, changing "root" to "daemon".
Reversed patch, perhaps?
How about a log of the failure? Reference to documentation? Anything to "proof" the "doesn't work" claim and I'll do the change in tree... (I don't use zfs-fuse myself) Created attachment 236271 [details]
working rc-script with root-privileges
I use this one with zfs-fuse 0.6.9 without the mentioned permission problems.
For sure the later rc-script also does it the root-way. http://bugs.gentoo.org/attachment.cgi?id=234253 (In reply to comment #7) > How about a log of the failure? Reference to documentation? Anything to "proof" > the "doesn't work" claim and I'll do the change in tree... Please look at these threads: http://groups.google.com/group/zfs-fuse/browse_thread/thread/fd2b7b8cfa6c055f# http://groups.google.com/group/zfs-fuse/browse_thread/thread/e662cccc094e1632# and http://zfs-fuse.net/issues/60 +*zfs-fuse-0.6.9-r1 (22 Jun 2010) + + 22 Jun 2010; Samuli Suominen <ssuominen@gentoo.org> + +zfs-fuse-0.6.9-r1.ebuild, +files/zfs-fuse: + Run as "root" instead of "daemon" wrt #242390 by Stefan G. Weichinger. Thanks Samuli. |