Bug#304476: udev: LVM2 LVs created with wrong ownership / permissions

Lionel Elie Mamane <lionel@mamane.lu>, 304476@bugs.debian.org
Sun, 17 Apr 2005 15:46:35 +0200


On Sun, Apr 17, 2005 at 02:51:14PM +0200, Bastian Blank wrote:

> These devices are managed by devmapper. And I don't see problems with
> root:root 600 as sane default.

It is inconsistent with the other filesystem-holding devices.

For one, it forces backup programs to run as root, instead of another
user ID member of "disk". This makes stepping up from a compromise of
the backup server to a full root compromise of the backed-up machines
far easier, when using a partition-based network backup system.

(Yes, it can be worked around by a chown/chmod in /etc/init.d/foo, but
 that's a workaround for this inconsistency in Debian.)

-- 
Lionel
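
The inconsistency discussed in this message can be audited with a short script. This is an added example, not part of the original message or of udev/LVM2; it assumes the expected convention for block devices is root:disk with mode 660, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: flag device nodes whose owner, group or mode deviate from
# an expected convention (assumed here: root:disk 660).
# Input format, one node per line: "<octal mode> <owner> <group> <path>",
# as printed by:  stat -c '%a %U %G %n' /dev/mapper/* /dev/sd*

audit_nodes() {
    # Reads a listing on stdin; prints one line per deviating node.
    # Optional arguments override the expected owner, group and mode.
    awk -v want_owner="${1:-root}" \
        -v want_group="${2:-disk}" \
        -v want_mode="${3:-660}" '
        NF < 4 { next }                      # skip malformed lines
        {
            reason = ""
            if ($2 != want_owner) reason = reason " owner=" $2
            if ($3 != want_group) reason = reason " group=" $3
            if ($1 != want_mode)  reason = reason " mode=" $1
            if (reason != "") print $4 ":" reason
        }'
}

# Constructed sample listing (not taken from a real system): two ordinary
# block devices and two device-mapper LVs with the root:root 600 default.
SAMPLE='660 root disk /dev/sda1
600 root root /dev/mapper/vg0-home
660 root disk /dev/md0
600 root root /dev/mapper/vg0-backup'

# Number of nodes in the sample that deviate from the convention.
count_deviations() {
    printf '%s\n' "$SAMPLE" | audit_nodes | wc -l | tr -d ' '
}

# First deviation reported for the sample.
first_deviation() {
    printf '%s\n' "$SAMPLE" | audit_nodes | head -n 1
}

# Stand-alone run: report deviations in the constructed sample.
printf '%s\n' "$SAMPLE" | audit_nodes
```

On a live system, pipe the real `stat` output into `audit_nodes` instead of the sample.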