Dne 16. 11. 18 v 14:43 Christoph Pleger napsal(a):
Hello,
Let's stop there. The fact you're asking a question about setuid
suggests you don't understand enough to be able to use it safely.
I get security by checking the real user id at the beginning of the program
and aborting the program if that uid does not belong to the only user who is
allowed to run the program. That user is me and I guess that it is much more
insecure to run the whole service that wants to authenticate users through PAM
as root.
How do you plan to 'authorize' passed command line options ??
lvm2 is designed to be always executed with root privileges - so it's believed
admin knows how he can destroy his own system.
It is NOT designed/supposed to be used as suid binary - this would give user a
way to big power to very easily destroy your filesystem and gain root
privileges (i.e.by overwriting /etc/passwd file)
So I'd highly recommend to avoid this path - unless you have total control
over the users.
Go back to the beginning and describe the original problem you are
trying to solve and the constraints you have and ask for advice about
ways to achieve it.
The beginning is that I want to create a user-specific logical volume when a
user logs in to a service that authenticates its users through pam and that
does not run as root.
You should probably consider some 'master & client' logic - where master runs
'allowed' rules translated to lvm2 commands internally on your server - and
client just issues some 'high-level' commands.
Regards
Zdenek
PS: there are some plans to support this over dBus - but no so much active
dBus development is going on ATM on lvm2 side....
_______________________________________________
linux-lvm mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-lvm
read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/
