Re: We need a decent role based way to get backup privileges

From: Michael Vilain (vilain_at_spamcop.net)
Date: 05/12/04


Date: Tue, 11 May 2004 23:15:52 -0700

In article <c7qhfs$d3u$1@news.cs.tu-berlin.de>,
 js@cs.tu-berlin.de (Joerg Schilling) wrote:

> In article <c7qg4a$2thm$2@nyheter.ipsec.se>, <phn@icke-reklam.ipsec.nu>
> wrote:
>
> >> Backups done by ufsdump either need root access as you would
> >> need with a clean backup design that honors layering, or it
> >> gets the permission by bypassing all UNIX access control in case
> >> the disk device is readable by a non root user.
> >
> >How utterly wrong. BSD 'operator' has read access to raw-disks
> >and may consequently perform backup using 'dump'
>
> 'ufsdump' is utterly wrong (because it breaks the layering model
> and accesses file system data the wrong way) and it is incredibly
> slow compared to "star"
>
> ftp://ftp.berlios.de/pub/star/alpha/

Forgive me if this sounds self-serving. You _are_, after all, the
author of star.

"A poet who reads his verse in public may have other nasty habits"
-- Lazarus Long

>
> Circumventing the UNIX security model by accessing the raw disk
> is just wrong.
[snip]
>
> A decent OS is able to grant the Backup Operator the rights he needs
> in a decent way and not by just allowing him to circumvent the security
> model. On a decent OS, you may tell the OS not to modify
> "file access times" when a backup is done.
>
> Star is already able to tell Solaris not to modify the "file access times"
> if it is run as root. Unfortunately, the Sun RBAC privileges(5) model
> does not yet include a privilege tag for allowing this to non-root
> users.
>
[snip]

> It is a smaller security risk than the outdated UNIX dump model implies.
>
[snip]

> It is a way to _limit_ the possible security hazard by creating
> a decent security mode.

Sounds like you want the VMS security model with multiple privileges for
doing this type of thing. I think that's why the VMS developers did
that--they saw root on UNIX and started with a much more robust security
model. There's a specific privilege called OPERATOR that allows R/O
access to all files so that anyone running VMS BACKUP can backup a
filesystem.

Pissing and moaning about the way things _should be_ ain't gonna get
them changed. What about the 20 years worth of stuff that will break?
What was your point of the original post, other than to vent?

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
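The point argued in the quoted passage (grant a backup operator exactly the rights needed, including "do not touch file access times", instead of raw-disk access) can be illustrated in code. The program below is an added example, not code from this thread and not star's own implementation; it assumes a Linux host, where the kernel offers O_NOATIME as precisely such a narrow privilege (honoured only for the file's owner or a caller holding CAP_FOWNER), and shows the less clean alternative a tool must fall back to otherwise: read the file normally and put the recorded atime back with utimensat(). The sample file, its contents and its timestamps are constructed by the program itself.

```c
#define _GNU_SOURCE          /* O_NOATIME on Linux/glibc (assumption: Linux host) */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* Read all of `path` into a malloc'd buffer without leaving its access time
 * changed.  First choice: O_NOATIME, which Linux honours only for the owner
 * or a caller with CAP_FOWNER (otherwise open() fails with EPERM).  Fallback:
 * read normally, then restore the previously recorded atime.  *used_noatime
 * reports which route was taken.  Returns the byte count, or -1 on error. */
ssize_t read_preserving_atime(const char *path, char **out, int *used_noatime)
{
    struct stat before;
    int fd = -1;

    *used_noatime = 0;
    if (stat(path, &before) != 0)
        return -1;
#ifdef O_NOATIME
    fd = open(path, O_RDONLY | O_NOATIME);
    if (fd >= 0)
        *used_noatime = 1;
#endif
    if (fd < 0) {
        fd = open(path, O_RDONLY);       /* O_NOATIME refused or unavailable */
        if (fd < 0)
            return -1;
    }

    size_t cap = 4096, len = 0;
    char *buf = malloc(cap);
    if (!buf) { close(fd); return -1; }
    for (;;) {
        if (len == cap) {
            char *grown = realloc(buf, cap * 2);
            if (!grown) { free(buf); close(fd); return -1; }
            buf = grown;
            cap *= 2;
        }
        ssize_t n = read(fd, buf + len, cap - len);
        if (n < 0) { free(buf); close(fd); return -1; }
        if (n == 0) break;
        len += (size_t)n;
    }
    close(fd);

    if (!*used_noatime) {
        /* Restore atime only; UTIME_OMIT leaves mtime alone.  Note this
         * write-like operation itself needs owner/CAP_FOWNER rights. */
        struct timespec ts[2];
        ts[0] = before.st_atim;
        ts[1].tv_sec = 0;
        ts[1].tv_nsec = UTIME_OMIT;
        if (utimensat(AT_FDCWD, path, ts, 0) != 0)
            fprintf(stderr, "warning: could not restore atime of %s\n", path);
    }
    *out = buf;
    return (ssize_t)len;
}

/* Check on a constructed file: give it a deliberately old atime and a fresh
 * mtime (the case where a plain read bumps atime even on a relatime mount),
 * read it, and verify atime is unchanged.  Returns 1 on success, else 0. */
int demo_backup_read(void)
{
    char path[] = "/tmp/atime-demo-XXXXXX";       /* constructed sample file */
    const char *payload = "constructed sample data for the backup read\n";
    int fd = mkstemp(path);
    if (fd < 0)
        return 0;
    if (write(fd, payload, strlen(payload)) != (ssize_t)strlen(payload)) {
        close(fd); unlink(path); return 0;
    }
    close(fd);

    struct timespec ts[2];
    ts[0].tv_sec = 1000000000; ts[0].tv_nsec = 0;          /* atime: 2001 */
    ts[1].tv_sec = 0;          ts[1].tv_nsec = UTIME_NOW;  /* mtime: now  */
    if (utimensat(AT_FDCWD, path, ts, 0) != 0) { unlink(path); return 0; }

    char *data = NULL;
    int used_noatime = 0;
    ssize_t n = read_preserving_atime(path, &data, &used_noatime);
    struct stat after;
    int ok = n == (ssize_t)strlen(payload)
          && memcmp(data, payload, (size_t)n) == 0
          && stat(path, &after) == 0
          && after.st_atim.tv_sec == 1000000000
          && after.st_atim.tv_nsec == 0;
    free(data);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("atime preserved across backup read: %s\n",
           demo_backup_read() ? "yes" : "no");
    return 0;
}
```

The fallback route shows why the thread's complaint matters from a least-privilege standpoint: restoring the timestamp after the fact requires owner or CAP_FOWNER rights, which are write-like powers a backup operator should not need, and it leaves a window in which another process observes the bumped atime. A read-only privilege that also suppresses atime updates, granted by the OS up front, is the tighter design.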