Non-root users can be allowed to use a configuration by setting ALLOW_USERS or
ALLOW_GROUPS in the config file. For all operations to work the user must also
be able to read and access the .snapshots directory inside the
-subvolume. The .snapshots directory must have owner and group root. The
-directory must not be writable by anybody else.
+subvolume. The .snapshots directory must be owned by root and must not be
+writable by anybody else.
.SH "FILES"
.TP
+-------------------------------------------------------------------
+Thu Oct 18 15:11:49 CEST 2012 - aschnell@suse.de
+
+- .snapshots must not have group root if it is not group-writable
+
-------------------------------------------------------------------
Mon Oct 15 10:40:07 CEST 2012 - aschnell@suse.de
throw IOErrorException();
}
- if (stat.st_uid != 0 || stat.st_gid != 0)
+ if (stat.st_uid != 0)
{
- y2err("owner/group of .snapshots wrong");
+ y2err(".snapshots must have owner root");
+ throw IOErrorException();
+ }
+
+ if (stat.st_gid != 0 && stat.st_mode & S_IWGRP)
+ {
+ y2err(".snapshots must have group root or must not be group-writable");
throw IOErrorException();
}
if (stat.st_mode & S_IWOTH)
{
- y2err("permissions of .snapshots wrong");
+ y2err(".snapshots must not be world-writable");
throw IOErrorException();
}
throw IOErrorException();
}
- if (stat.st_uid != 0 || stat.st_gid != 0)
+ if (stat.st_uid != 0)
+ {
+ y2err(".snapshots must have owner root");
+ throw IOErrorException();
+ }
+
+ if (stat.st_gid != 0 && stat.st_mode & S_IWGRP)
{
- y2err("owner/group of .snapshots wrong");
+ y2err(".snapshots must have group root or must not be group-writable");
throw IOErrorException();
}
if (stat.st_mode & S_IWOTH)
{
- y2err("permissions of .snapshots wrong");
+ y2err(".snapshots must not be world-writable");
throw IOErrorException();
}
projects / thirdparty / snapper.git / commitdiff
