https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232021

--- Comment #14 from Oleg <supportsob...@mail.ru> ---
(In reply to Allan Jude from comment #13)
Bob can unmount /etc or destroy it when permissions are delegated incorrectly.
Don't delegate mountpoint permissions if you don't want to allow mounting to /etc.
And so on... this is all about the acts of the admin who configures the system:
what to allow and what not to allow. Moreover, in my case the unprivileged user
is managed by the same person, i.e. me, and/or replication scripts that run from
that user cannot be modified to allow dangerous acts.

What really looks "oddly asymmetrical" to me is that the VFCF_DELEGADMIN flag is
not checked on mount but on unmount only. I would like to get a patch to change
this behavior or an additional dangerous sysctl that will allow mounting anywhere
for an unprivileged user.

I guess the problem here is that vfs.usermount has an effect on any user, not just
the one related to delegated permissions with zfs. Right? If so, then I see
why "Mounting is more dangerous". In that case the best solution will be to
have individual sysctls for both mount and unmount in relation to the zfs
permission delegation subsystem only... or just leave vfs.usermount for
anything else except the zfs delegation subsystem and add another permission
"unmount" for zfs allow... something like that should cover all scenarios.
