Bug#329409: [devmapper] ownership and permissions breakage

Roger Leigh rleigh at whinlatter.ukfsn.org
Tue Dec 6 22:27:59 UTC 2005

Hash: SHA1


These bugs have gone far too long with no fix, and with absolutely no
justification for the wontfix tag.  They cause real breakage on live
Debian systems, and not fixing this bug is completely unacceptable.
Unless this is resolved shortly, I will be referring it to the
Technical Committee.

The ownership and permissions of disk block devices on a Debian system
are root:disk, 0660.  Anything other than that is gratuitously
different, and will break existing tools that require those settings.

Bastian Blank wrote:

> The policy don't describe it as wrong.

This is not a policy issue.  Look at the ownership of every other disk
block device under /dev.  Now look at the LVM device and directory
ownership and permissions.  Clearly, devmapper is different from
everything else.  *Why?*

> Write access to disks is nearly as good as root. Get the
> CAP_DAC_READ capability, which is designed for backup purposes.

*Why?*  When I backup my system, the backup user needs access to the
block devices.  This is what the disk group is for.

> Use udev if you need special modes.

This sounds like a good idea, but do *you* have the necessary udev
rules to construct /dev/mapper and the other directories of symlinks?
Seriously, I ultimately want udev to manage this, and have briefly
discussed this with Marco, but vague "use udev" comments are not
useful.  I have yet to see anyone who has managed to do this.

However, this does not alter the fact that the default is still wrong.

Others have provided the necessary information to configure devmapper
with the appropriate defaults.  Please do so.

Please appreciate that people do need to do backups.  You broke that,
and have not given *any reason* for the breakage.  Please fix it this


- -- 
Roger Leigh
                Printing on GNU/Linux?  http://gimp-print.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>


More information about the pkg-lvm-maintainers mailing list