[linux-lvm] lvcreate from a setuid-root binary
Stuart D. Gathman
stuart at gathman.org
Fri Nov 16 15:41:53 UTC 2018
It's not very elegant, but the quick and dirty solution is to use sudo
to allow certain users to run specific commands with a real uid of
root. You can say exactly what arguments the user has to use - the
sudoers file is where this is configured. Or you can make a script -
which is probably better. But said script should have no arguments, or
as few as possible - because any complexity allows that user to attempt
to exploit it to achieve root. Such a script could trivially bring a
specific LV online, writable by a specific user. More complex
requirements would be - more complex.
If LVM has more elegant features for this kind of thing, I'm all ears.
On Fri, Nov 16, 2018 at 8:43 AM, Christoph Pleger
<christoph.pleger at cs.uni-dortmund.de> wrote:
>> Go back to the beginning and describe the original problem you are
>> trying to solve and the constraints you have and ask for advice about
>> ways to achieve it.
>
> The beginning is that I want to create a user-specific logical volume
> when a user logs in to a service that authenticates its users through
> pam and that does not run as root.
>
> Regards
> Christoph
>
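
Added example, not part of the original message: a sketch of the kind of argument-free sudo wrapper the reply describes, together with the sudoers entry that pins it to zero arguments. The script path, the svcuser account, the vg_users volume group, the 1G size and the home_ prefix are assumptions made for illustration; the LV name is derived only from the account that invoked sudo.

```shell
#!/bin/sh
# Added example: hypothetical /usr/local/sbin/user-lv, installed root:root mode 0755.
# Matching sudoers entry (the "" makes sudo reject any arguments; svcuser is a placeholder):
#   svcuser ALL=(root) NOPASSWD: /usr/local/sbin/user-lv ""
LC_ALL=C; export LC_ALL

VG=vg_users   # assumed volume group, fixed here so the caller cannot choose it
SIZE=1G       # assumed size, fixed for the same reason

# Print the LV name for an account name, or fail if the name is not a plain
# lowercase identifier, so nothing else can reach the lvcreate command line.
lv_name_for() {
    case "$1" in
        ''|*[!a-z0-9_]*) return 1 ;;   # empty, or a character outside the set
    esac
    case "$1" in
        [a-z_]*) ;;                     # must start with a letter or underscore
        *) return 1 ;;
    esac
    [ "${#1}" -le 32 ] || return 1
    printf 'home_%s\n' "$1"
}

main() {
    PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # ignore the caller's PATH
    if [ "$#" -ne 0 ]; then
        echo "user-lv: takes no arguments" >&2; return 2
    fi
    # SUDO_USER is set by sudo to the invoking account; it is the only input.
    lv=$(lv_name_for "$SUDO_USER") || {
        echo "user-lv: refusing account name" >&2; return 1
    }
    if ! lvs "$VG/$lv" >/dev/null 2>&1; then
        lvcreate -n "$lv" -L "$SIZE" "$VG" || return 1
    fi
    lvchange -ay "$VG/$lv" || return 1
    # Device-node ownership is not persistent; it is reapplied on every run.
    chown "$SUDO_USER" "/dev/$VG/$lv"
}

# Act only when started through sudo; a direct call does nothing.
if [ -n "${SUDO_USER:-}" ]; then
    main "$@"
fi
```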