Re: [linux-lvm] Protection of used scsi disks by LVM

Re: [linux-lvm] Protection of used scsi disks by LVM

[Steffers]

Hello everyone..

> > I can easily go to /dev/sda1 for example, and erase everything on it.
>
> These are the UNIX/Linux semantics.
> 
> If one has the file/device special permission one can do every kind
> of stupid things which come to ones mind.
>

cat /dev/null > /dev/ttyS0 comes rapidly to mind ;)
 
> > Of course it is a stupid thing to do, but there is a minimal requirement
on
> > protection, isn't it ?
> Yes, you are right.
> but IMHO there's no way today with the existing kernel implementation.

this (afiak) isnt a 'kernel' problem but more a problem that could
be fixed in the userspace. All it would take is a quick diff to 
the 'mkfs' tools and fdisk (or whatever you use cfdisk, gdisk etc)
so that it would recognise the partition type of '8e' as a LV
and then not allow, or at least strenously warn, the user
as to what they are doing. this would seem to make more sense
and (to be honest) i would _hate_ it if Linux by default queried
my every command, so that suggest to me that it +is+ a per
user thing, and not a kernel issue.

also remember, that this isnt like 'certain other operating systems'.
*nix's in general are kind of like theism, with a 'god hands on
the machine' approach. If you want to do anything to the system 
then you have the power to do so at any point. If your 'god'
in an idiot, well, *shrug*.
 
regards,
Stefs

Re: [linux-lvm] Protection of used scsi disks by LVM

[Andi Kleen]

On Thu, Apr 27, 2000 at 03:52:47PM +0200, Sergey Vichik wrote:
> 
> Hello,
> 
> I have a question : 
> Why does LVM not protect the scsi devices which are used for volumes ?
> 
> I can easily go to /dev/sda1 for example, and erase everything on it.
> 
> Of course it is a stupid thing to do, but there is a minimal requirement on
> protection, isn't it ?

<as folklore says:>

Unix/Linux doesn't stop you (=root) from doing stupid things, because
that would stop you from doing clever things.


-Andi

Re: [linux-lvm] Protection of used scsi disks by LVM

[Paul Jakma]

On Thu, 27 Apr 2000, Heinz Mauelshagen wrote:

> Because it can't.
> The only way would be to remove then underlying devices from the genhd
> in the kernel, which obviously is not a good idea(tm) ;-{)
> 

:)


> These are the UNIX/Linux semantics.
> 
> If one has the file/device special permission one can do every kind
> of stupid things which come to ones mind.

indeed. However we can try to build a measure of intelligence into the
tools. Eg Digital Unix disklabel tools will not allow you to mess with
disklabels that are under control of the LVM or AdvFs.

(course you can still do it manually.)

So who wants to hack fdisk to check for LVM? :)

> 
> Regards,
> Heinz
> 
> 

-paul jakma

[linux-lvm] Protection of used scsi disks by LVM

[Sergey Vichik]

Hello,

I have a question : 
Why does LVM not protect the scsi devices which are used for volumes ?

I can easily go to /dev/sda1 for example, and erase everything on it.

Of course it is a stupid thing to do, but there is a minimal requirement on
protection, isn't it ?

I cannot think about the way to protect it, because LVM uses those disks as
every other programs.

Any ideas ?

Regards.

Sergey .

Re: [linux-lvm] Protection of used scsi disks by LVM

[Heinz Mauelshagen]

Hi Sergey.

> 
> Hello,
> 
> I have a question : 
> Why does LVM not protect the scsi devices which are used for volumes ?
> 

Because it can't.
The only way would be to remove then underlying devices from the genhd
in the kernel, which obviously is not a good idea(tm) ;-{)

> I can easily go to /dev/sda1 for example, and erase everything on it.

These are the UNIX/Linux semantics.

If one has the file/device special permission one can do every kind
of stupid things which come to ones mind.

> 
> Of course it is a stupid thing to do, but there is a minimal requirement on
> protection, isn't it ?
> 

Yes, you are right.
but IMHO there's no way today with the existing kernel implementation.

> I cannot think about the way to protect it, because LVM uses those disks as
> every other programs.
> 
> Any ideas ?
> 

Regards,
Heinz

-- 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Systemmanagement TS                              T-Nova
                                                 Entwicklungszentrum Darmstadt
Heinz Mauelshagen                                Otto-Roehm-Strasse 71c
Senior Systems Engineer                          Postfach 10 05 41
                                                 64205 Darmstadt
mge@EZ-Darmstadt.Telekom.de                      Germany
                                                 +49 6151 886-425
                                                          FAX-386
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-