Hello,
How do you plan to 'authorize' passed command line options ??
My program has no command line options. It just takes PAM_USER from PAM environment and creates a logical volume /dev/vg1/$PAM_USER, creates a filesystem and changes directory permissions of the top directory of the new filesystem.
lvm2 is designed to be always executed with root privileges - so it's believed admin knows how he can destroy his own system. It is NOT designed/supposed to be used as suid binary - this would give user a way to big power to very easily destroy your filesystem and gain root privileges (i.e.by overwriting /etc/passwd file)
Either you misunderstood what I mean, or I am misunderstanding what you mean - I do not set lvcreate suid root, but a program that has only a small and well defined set of instructions (described above) and that restricts its execution to only one user (by checking the real uid before setuid(0)).
Regards Christoph _______________________________________________ linux-lvm mailing list linux-lvm@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-lvm read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/
