archive mirror
 help / color / mirror / Atom feed
From: Zdenek Kabelac <>
To: LVM general discussion and development <>,
	Christoph Pleger <>
Cc: Alasdair G Kergon <>
Subject: Re: [linux-lvm] lvcreate from a setuid-root binary
Date: Fri, 16 Nov 2018 16:32:17 +0100	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

Dne 16. 11. 18 v 14:43 Christoph Pleger napsal(a):
> Hello,
>> Let's stop there.� The fact you're asking a question about setuid
>> suggests you don't understand enough to be able to use it safely.
> I get security by checking the real user id at the beginning of the program 
> and aborting the program if that uid does not belong to the only user who is 
> allowed to run the program. That user is me and I guess that it is much more 
> insecure to run the whole service that wants to authenticate users through PAM 
> as root.

How do you plan to 'authorize' passed command line options ??

lvm2 is designed to be always executed with root privileges - so it's believed 
admin knows how he can destroy his own system.

It is NOT designed/supposed to be used as suid binary - this would give user a 
way to big power to very easily destroy your filesystem and gain root 
privileges ( overwriting  /etc/passwd file)

So I'd highly recommend to avoid this path - unless you have total control 
over the users.

>> Go back to the beginning and describe the original problem you are
>> trying to solve and the constraints you have and ask for advice about
>> ways to achieve it.
> The beginning is that I want to create a user-specific logical volume when a 
> user logs in to a service that authenticates its users through pam and that 
> does not run as root.

You should probably consider some 'master & client' logic - where master runs 
'allowed' rules translated to lvm2 commands internally on your server  - and 
client just issues  some 'high-level' commands.



PS: there are some plans to support this over dBus - but no so much active 
dBus development is going on ATM on lvm2 side....

  reply	other threads:[~2018-11-16 15:32 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-15 16:39 [linux-lvm] lvcreate from a setuid-root binary Christoph Pleger
2018-11-15 17:57 ` Alasdair G Kergon
2018-11-16 13:43   ` Christoph Pleger
2018-11-16 15:32     ` Zdenek Kabelac [this message]
2018-11-16 16:12       ` Christoph Pleger
2018-11-16 17:21         ` Roger Heflin
2018-11-16 15:41     ` Stuart D. Gathman
2018-11-21  9:56       ` Christoph Pleger
2018-11-21  9:58         ` Vladislav Bogdanov
2018-11-21 10:23           ` Christoph Pleger
2018-11-17  0:24     ` Alasdair G Kergon
2018-11-19  8:55       ` Christoph Pleger
2018-11-19 13:01         ` Alasdair G Kergon
2018-11-19 13:19     ` Bryn M. Reeves
2018-11-19 15:17       ` Christoph Pleger
2018-11-19 15:35 ` Christoph Pleger
     [not found] <>
2018-11-19 14:04 ` matthew patton
2018-11-19 15:03   ` Christoph Pleger
     [not found] <>
2018-11-19 16:05 ` matthew patton
     [not found] <>
2018-11-22 16:41 ` matthew patton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).