[linux-lvm] lvcreate from a setuid-root binary
Christoph Pleger
christoph.pleger at cs.uni-dortmund.de
Fri Nov 16 13:43:10 UTC 2018
Hello,
> Let's stop there. The fact you're asking a question about setuid
> suggests you don't understand enough to be able to use it safely.
I get security by checking the real user id at the beginning of the
program and aborting the program if that uid does not belong to the only
user who is allowed to run the program. That user is me and I guess that
it is much more insecure to run the whole service that wants to
authenticate users through PAM as root.
> Go back to the beginning and describe the original problem you are
> trying to solve and the constraints you have and ask for advice about
> ways to achieve it.
The beginning is that I want to create a user-specific logical volume
when a user logs in to a service that authenticates its users through
pam and that does not run as root.
Regards
Christoph
More information about the linux-lvm
mailing list