From: "Austin S. Hemmelgarn" <ahferroin7@gmail.com>
To: linux-btrfs@vger.kernel.org
Subject: Re: A user cannot remove his readonly snapshots?!
Date: Fri, 15 Sep 2017 13:08:55 -0400 [thread overview]
Message-ID: <38b35e41-313a-1eed-667a-ee3138c8170d@gmail.com> (raw)
In-Reply-To: <20170915163736.GD32347@rus.uni-stuttgart.de>
On 2017-09-15 12:37, Ulli Horlacher wrote:
> I have my btrfs filesystem mounted with option user_subvol_rm_allowed
>
> tux@xerus: btrfs --version
> btrfs-progs v4.4
>
> tux@xerus: uname -a
> Linux xerus 4.4.0-93-generic #116-Ubuntu SMP Fri Aug 11 21:17:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>
> tux@xerus: id
> uid=1000(tux) gid=100(users) groups=100(users)
>
> tux@xerus: btrfs subvolume snapshot -r /test/tux/zz /test/tux/zz/.snapshot/2017-09-15_1824.test
> tux@xerus: btrfs subvolume delete /test/tux/zz/.snapshot/2017-09-15_1824.test
> Delete subvolume (no-commit): '/test/tux/zz/.snapshot/2017-09-15_1824.test'
> ERROR: cannot delete '/test/tux/zz/.snapshot/2017-09-15_1824.test': Read-only file system
>
> root can delete this snapshot, but not the user. Why?
>
Add 'user_subvol_rm' to the mount options and try again.
It's because of a poor decision made regarding permissions surrounding
subvolume operations. The original argument was to prevent accidental
data loss (stupid argument, rm -rf is just as bad and nearly as fast on
most modern systems), and that behavior has never been changed. In
fact, I'd advocate using that option on everything, because otherwise
you have trivial resource exhaustion issues (users can create a resource
they then can't remove). Ideally, normal users wouldn't be able to
create or delete subvolumes unless explicitly allowed (possibly through
delegation by ownership or something).
next prev parent reply other threads:[~2017-09-15 17:09 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-15 16:37 A user cannot remove his readonly snapshots?! Ulli Horlacher
2017-09-15 17:08 ` Austin S. Hemmelgarn [this message]
2017-09-15 19:32 ` Ulli Horlacher
2017-09-18 11:36 ` Austin S. Hemmelgarn
2017-09-15 21:07 ` Peter Grandi
2017-09-15 21:44 ` Ulli Horlacher
2017-09-15 22:02 ` Ulli Horlacher
2017-09-15 23:22 ` Kai Krakow
2017-09-16 7:36 ` Ulli Horlacher
2017-09-16 11:29 ` Kai Krakow
2017-09-16 9:04 ` Goffredo Baroncelli
2017-09-16 9:22 ` Ulli Horlacher
2017-09-16 9:16 ` Peter Grandi
2017-09-16 8:10 ` Goffredo Baroncelli
2017-09-16 8:54 ` Ulli Horlacher
2017-09-16 10:19 ` Ulli Horlacher
2017-09-16 10:43 ` Marat Khalili
2017-09-16 11:47 ` Kai Krakow
2017-09-16 14:28 ` Ulli Horlacher
2017-09-18 11:39 ` Austin S. Hemmelgarn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=38b35e41-313a-1eed-667a-ee3138c8170d@gmail.com \
--to=ahferroin7@gmail.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).