linux-btrfs.vger.kernel.org archive mirror
From: Duncan <1i5t5.duncan@cox.net>
To: linux-btrfs@vger.kernel.org
Subject: Re: Qgroups are not applied when snapshotting a subvol?
Date: Tue, 28 Mar 2017 02:41:52 +0000 (UTC)
Message-ID: <pan$4c68e$4d5b137e$7fa9a653$88273853@cox.net>
In-Reply-To: CAJCQCtTOX6p03hPi6CJyzPKmFQMfP4oSCzbrkjftU=Sm9LdjPA@mail.gmail.com

Chris Murphy posted on Mon, 27 Mar 2017 15:11:34 -0600 as excerpted:

>> What are actual use cases for creating subvolumes by 'normal' users?
>>
>> Does someone have an example?
>>
>> Why is it possible at all, by default?
> 
> I have a single git subvolume in my user directory, inside of which are
> various git clones. And I periodically snapshot the git subvolume as a
> regular user.
> 
> If I can't create subvolumes as a regular user then by extension it'd
> mean I can't create snapshots of my own home directory, or any other
> subvolumes I exclusively own.

One rather big problem with that, with snapshots (which are a special
kind of subvolume), is that btrfs has known scaling issues when the 
number of snapshots gets too high.  Combine that with allowing users to 
make but not delete snapshots, and you have a huge invitation to scaling 
headaches due to the number of snapshots.

Really, the two permissions subvolume/snapshot creation, and deletion, 
should be synchronized.  Allowing subvolume deletion clearly has security 
issues, but so does allowing creation without allowing deletion.  They 
both really have to go together, and be allowed only for "trusted" users, 
with the option of whether that's root-only, or a subset of users (say 
via group perms), or all users, being up to the local admin, basically, a 
mount option.

Which in usual terms means making the perms root-only, with the binary 
set to some controlled-access group and set-SUID-root (or appropriate 
security attributes, I'm drawing a blank on the word I want ATM), and 
then letting the admin control access via group membership.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
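
The create-without-delete asymmetry described in the message above can be checked per mount. This is an added example, not part of the original post: it assumes the btrfs mount option `user_subvol_rm_allowed` (not named in the thread), which lets owners delete their own subvolumes, and the labels `CREATE_ONLY` and `SYMMETRIC` and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify btrfs mounts by whether unprivileged users who
# can create subvolumes/snapshots are also allowed to delete them.
# Input uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# Constructed sample mount table (not taken from any real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /home btrfs rw,relatime,space_cache,subvolid=257,subvol=/home 0 0
/dev/sdc1 /srv/scratch btrfs rw,noatime,user_subvol_rm_allowed,subvolid=5,subvol=/ 0 0
EOF
}

# audit_btrfs_mounts [FILE]
#   FILE defaults to /proc/mounts; "-" reads standard input.
#   Prints one line per btrfs mount:
#     CREATE_ONLY <mountpoint>  users can add snapshots but only root removes them
#     SYMMETRIC   <mountpoint>  user_subvol_rm_allowed is set, owners can also delete
#   Mount points are printed as the kernel writes them (spaces appear as \040).
audit_btrfs_mounts() {
    awk '
        $3 == "btrfs" {
            n = split($4, opts, ",")
            rm_allowed = 0
            # Match the option exactly so a substring of another option cannot count.
            for (i = 1; i <= n; i++)
                if (opts[i] == "user_subvol_rm_allowed")
                    rm_allowed = 1
            state = rm_allowed ? "SYMMETRIC" : "CREATE_ONLY"
            print state, $2
        }
    ' "${1:-/proc/mounts}"
}

# Demonstration on the constructed table.
sample_mounts | audit_btrfs_mounts -
```

Run `audit_btrfs_mounts` with no argument to check the live system; a `CREATE_ONLY` result marks a filesystem where snapshot counts can grow without users being able to clean up after themselves.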

