Re: lvcreate from a setuid-root binary

It's not very elegant, but the quick and dirty solution is to use sudo to allow certain users to run specific commands with a real uid of root.  You can say exactly what arguments the user has to use - the sudoers file is where this is configured.  Or you can make a script - which is probably better.  But said script should have no arguments, or as few as possible - because any complexity allows that user to attempt to exploit it to achieve root.  Such a script could trivially bring a specific LV online, writable by a specific user.  More complex requirements would be - more complex.

If LVM has more elegant features for this kind of thing, I'm all ears.

On Fri, Nov 16, 2018 at 8:43 AM, Christoph Pleger <christoph.pleger@xxxxxxxxxxxxxxxxxx> wrote:
> > Go back to the beginning and describe the original problem you are trying to solve and the constraints you have and ask for advice about ways to achieve it.
>
> The beginning is that I want to create a user-specific logical volume when a user logs in to a service that authenticates its users through pam and that does not run as root.
>
> Regards
>   Christoph
_______________________________________________
linux-lvm mailing list
linux-lvm@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-lvm
read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/
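
A sketch of the sudo-plus-script approach suggested in the reply above, as an added example that is not part of the original thread. It takes a single argument (the login name) and rejects anything that is not a plain user name before it reaches lvcreate. The volume group `vg_users`, the `home_` prefix, the 1G size, the install path `/usr/local/sbin/mkuserlv` and the service account `svcuser` are all assumptions.

```shell
#!/bin/sh
# Added example. Assumed sudoers entry (edit with: visudo -f /etc/sudoers.d/mkuserlv):
#   svcuser ALL=(root) NOPASSWD: /usr/local/sbin/mkuserlv
# sudo then allows any arguments, so all validation has to happen in this script.

# Fixed environment: do not trust the caller's locale or search path.
LC_ALL=C; export LC_ALL
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH

VG=vg_users      # assumed volume group
LV_SIZE=1G       # assumed fixed size, deliberately not caller-controlled

# Accept only plain login names: first character a-z or _, the rest
# a-z 0-9 _ -, at most 32 characters. This rejects empty strings, leading
# dashes (option injection), slashes, spaces and shell metacharacters.
valid_user() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Map a validated user name to its LV name. The fixed prefix means the
# name passed to lvcreate can never start with a dash.
lv_name_for() {
    valid_user "$1" || return 1
    printf 'home_%s\n' "$1"
}

main() {
    [ "$#" -eq 1 ] || { echo "usage: mkuserlv USER" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root (via sudo)" >&2; return 1; }
    lv=$(lv_name_for "$1") || { echo "rejected user name" >&2; return 1; }
    id -u "$1" >/dev/null 2>&1 || { echo "no such user" >&2; return 1; }
    # Idempotent: a second login for the same user is a no-op.
    lvs "$VG/$lv" >/dev/null 2>&1 && return 0
    lvcreate -L "$LV_SIZE" -n "$lv" "$VG"
}

# Run only when installed under the assumed name, so the functions above
# can be sourced and tested without touching LVM.
case "${0##*/}" in
    mkuserlv) main "$@"; exit $? ;;
esac
```

The script should be owned by root and not writable by the service account, otherwise the sudoers entry grants root to whoever can edit it.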
