[Pkg-zfsonlinux-devel] Bug#888736: zfs-dkms: assign a seperate group zfsadm to /dev/zfs

Hans Freitag zem at fnordpol.de
Mon Jan 29 11:10:05 UTC 2018


Package: zfs-dkms
Version: 0.7.5-1
Severity: wishlist

Dear Maintainer,

I would like to have /dev/zfs assigned to a seperate group zfsadm. The device
is
currently assigned to the group disk.

My problem with that is that every user who is in group disk can basicly read
and
write every disk block device on the system, including the root fs.

This is not needed for a zfs admin user. With ZFS you can allow access to a
user
like snapshotting one specific volume or filesystem and send it over to another
host as long as the user has access to /dev/zfs.

It would improve security and useability if it is possible by default to assign
such
a zfs administrator user to a zfsadm group instead of disk.

regards

    Hans



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages zfs-dkms depends on:
ii  debconf      1.5.63
ii  dkms         2.3-3
ii  lsb-release  9.20170808
ii  spl-dkms     0.7.5-1

Versions of packages zfs-dkms recommends:
ii  zfs-zed         0.7.5-1
ii  zfsutils-linux  0.7.5-1

zfs-dkms suggests no packages.

-- debconf information:
  zfs-dkms/stop-build-for-32bit-kernel: true
  zfs-dkms/stop-build-for-unknown-kernel: true
* zfs-dkms/note-incompatible-licenses:



More information about the Pkg-zfsonlinux-devel mailing list