[Pkg-zfsonlinux-devel] Bug#888736: zfs-dkms: assign a seperate group zfsadm to /dev/zfs
Hans Freitag
zem at fnordpol.de
Mon Jan 29 11:10:05 UTC 2018
Package: zfs-dkms
Version: 0.7.5-1
Severity: wishlist
Dear Maintainer,
I would like to have /dev/zfs assigned to a seperate group zfsadm. The device
is
currently assigned to the group disk.
My problem with that is that every user who is in group disk can basicly read
and
write every disk block device on the system, including the root fs.
This is not needed for a zfs admin user. With ZFS you can allow access to a
user
like snapshotting one specific volume or filesystem and send it over to another
host as long as the user has access to /dev/zfs.
It would improve security and useability if it is possible by default to assign
such
a zfs administrator user to a zfsadm group instead of disk.
regards
Hans
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages zfs-dkms depends on:
ii debconf 1.5.63
ii dkms 2.3-3
ii lsb-release 9.20170808
ii spl-dkms 0.7.5-1
Versions of packages zfs-dkms recommends:
ii zfs-zed 0.7.5-1
ii zfsutils-linux 0.7.5-1
zfs-dkms suggests no packages.
-- debconf information:
zfs-dkms/stop-build-for-32bit-kernel: true
zfs-dkms/stop-build-for-unknown-kernel: true
* zfs-dkms/note-incompatible-licenses:
More information about the Pkg-zfsonlinux-devel
mailing list