Why aren't you just using sudo for this?

On Fri, Nov 16, 2018 at 11:14 AM Christoph Pleger <christoph.pleger@xxxxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> > How do you plan to 'authorize' passed command line options ??
>
> My program has no command line options. It just takes PAM_USER from PAM
> environment and creates a logical volume /dev/vg1/$PAM_USER, creates a
> filesystem and changes directory permissions of the top directory of the
> new filesystem.
>
> > lvm2 is designed to be always executed with root privileges - so it's
> > believed admin knows how he can destroy his own system.
> >
> > It is NOT designed/supposed to be used as suid binary - this would
> > give user a way too big power to very easily destroy your filesystem
> > and gain root privileges (i.e. by overwriting /etc/passwd file)
>
> Either you misunderstood what I mean, or I am misunderstanding what you
> mean - I do not set lvcreate suid root, but a program that has only a
> small and well defined set of instructions (described above) and that
> restricts its execution to only one user (by checking the real uid
> before setuid(0)).
>
> Regards
> Christoph
>
> _______________________________________________
> linux-lvm mailing list
> linux-lvm@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/linux-lvm
> read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/
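
The helper described in the quoted message, sketched as an added example that is not code from this thread: it checks the real uid, validates PAM_USER before the value becomes a volume name, and runs lvcreate without a shell and with a fixed environment. `ALLOWED_UID`, the lvcreate path, the `1G` size and the name whitelist are assumptions; only the lvcreate step is shown, and the filesystem and permission steps would follow the same pattern.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define ALLOWED_UID 1234           /* assumption: uid of the one permitted caller */
#define LVCREATE "/sbin/lvcreate"  /* assumption: absolute path on this system */

/* Accept only [a-z][a-z0-9-]{0,31}. This is deliberately stricter than what
 * LVM accepts, so the value can never be empty, an option ("-f") or a path
 * component ("../x") when it ends up in argv and in /dev/vg1/<name>. */
int valid_lv_name(const char *s)
{
    if (s == NULL || !(s[0] >= 'a' && s[0] <= 'z'))
        return 0;
    size_t n = strlen(s);
    if (n > 32)
        return 0;
    for (size_t i = 1; i < n; i++) {
        char c = s[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-'))
            return 0;
    }
    return 1;
}

/* Both gates in one testable function: real uid first, then the name. */
int may_create(uid_t ruid, const char *pam_user)
{
    return ruid == (uid_t)ALLOWED_UID && valid_lv_name(pam_user);
}

int main(void)
{
    const char *user = getenv("PAM_USER");   /* caller-controlled input */
    if (!may_create(getuid(), user)) {
        fprintf(stderr, "refused\n");
        return 1;
    }
    char name[33];                            /* 32 chars + NUL, see valid_lv_name */
    snprintf(name, sizeof name, "%s", user);
    char *argv[] = { "lvcreate", "-L", "1G", "-n", name, "vg1", NULL };
    char *envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    execve(LVCREATE, argv, envp);             /* no shell, no inherited environment */
    perror("execve");
    return 1;
}
```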