On Sat, 8 Jan 2005, Simon L. Nielsen wrote:

> On 2005.01.08 19:39:42 +0100, Pawel Jakub Dawidek wrote:
> > On Sat, Jan 08, 2005 at 04:33:14PM +0100, Simon L. Nielsen wrote:
> > +> I'm not really sure it is expected that you can do that when being in
> > +> the operator group.
> >
> > Yes. If you want to change it you should do:
> >
> > # chmod 600 /dev/geom.ctl
>
> Being in the operator group only gives read access to /dev/geom.ctl
> (it's root:operator crw-r-----) so I think it's somewhat counter
> intuitive that one can stop the mirror without write permission there.
> Wouldn't it be better to only allow stopping the mirror (and similar)
> if the user has write access to geom.ctl?

ioctls generally open the control device read-only so they will succeed
if the user had read access to the device. ioctls themselves do not have
read or write permission bits, so it's all-or-nothing unless the driver or
kernel code does suser() type checks. At least at a filesystem level.

--
Doug White | FreeBSD: The Power to Serve
[EMAIL PROTECTED] | www.FreeBSD.org
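
The permission model described in the reply above, as an added example that is not part of the original thread and is not GEOM or FreeBSD kernel code: a userland C model of a control node with mode 0640, comparing an ioctl handler that does no check of its own with one that requires a writable descriptor or privilege for a state-changing command. The flag values, command names and function names are assumptions invented for the illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Flag values and command names are invented for this model. */
#define M_FREAD  0x1   /* descriptor opened for reading */
#define M_FWRITE 0x2   /* descriptor opened for writing */
enum ctl_cmd { CTL_STATUS, CTL_STOP };

/* File-system check at open(): the group bits of the node mode decide.
   Returns the granted flags, or -EACCES. */
int node_open_group(unsigned mode, int want)
{
    if ((want & M_FREAD) && !(mode & 040)) return -EACCES;
    if ((want & M_FWRITE) && !(mode & 020)) return -EACCES;
    return want;
}

/* Handler with no check of its own: any descriptor may issue any command. */
int ctl_ioctl_unchecked(int fflag, enum ctl_cmd cmd)
{
    (void)fflag; (void)cmd;
    return 0;
}

/* Handler that requires a writable descriptor or privilege to change state. */
int ctl_ioctl_checked(int fflag, int privileged, enum ctl_cmd cmd)
{
    switch (cmd) {
    case CTL_STATUS:
        return 0;
    case CTL_STOP:
        return ((fflag & M_FWRITE) || privileged) ? 0 : EPERM;
    default:
        return ENOTTY;
    }
}

int main(void)
{
    /* Constructed case: group member, node mode 0640 (crw-r-----). */
    int fd_flags = node_open_group(0640, M_FREAD);
    printf("open O_RDWR:    %d\n", node_open_group(0640, M_FREAD | M_FWRITE));
    printf("unchecked STOP: %d\n", ctl_ioctl_unchecked(fd_flags, CTL_STOP));
    printf("checked STOP:   %d\n", ctl_ioctl_checked(fd_flags, 0, CTL_STOP));
    printf("checked STATUS: %d\n", ctl_ioctl_checked(fd_flags, 0, CTL_STATUS));
    return 0;
}
```

With mode 0600, as in the quoted `chmod`, the group member's open fails outright, so neither handler is ever reached.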
