Include warning about unintended consequences of using the operator account, and add note about GELI passing TRIM/UNMAP requests to ZFS FAQ
ClosedPublic
Actions

Authored by debdrup on Feb 8 2020, 5:57 PM.

Details

Reviewers

bcr
trasz
crees

Group Reviewers

docs

Summary

Make it absolutely clear that the operator group grants access privileges that might not be immediately obvious.

Also catching up on a bit of documentation to reflect that GELI has been passing TRIM/UNMAP requests since 2015.

Test Plan

Ran igor on it, passed without incident for the few lines I added.

Diff Detail

Repository

rD FreeBSD doc repository - subversion

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 29365
Build 27263: arc lint + arc unit

Event Timeline

debdrup created this revision.Feb 8 2020, 5:57 PM

Harbormaster completed remote builds in B29245: Diff 67983.Feb 8 2020, 5:57 PM

debdrup added a reviewer: docs.Feb 8 2020, 6:00 PM

Do you think some actual examples might help? As an example perhaps the shutdown privilege, but can you think of any others?

In your commit message, best to say 'group' rather than 'account'.

tom_hur.st added a subscriber: tom_hur.st.Feb 8 2020, 7:34 PM

To quote Mastering FreeBSD and OpenBSD Security:

... the raw disk devices are owned by root, but the group operator has access to read them. This allows the operator group to bypass the filesystem and its permissions and read raw data blocks from the disk.

Add some examples as suggested by cress.

This should at least give an overview of how broad the unintended consequences can be.

Harbormaster completed remote builds in B29246: Diff 67985.Feb 8 2020, 9:09 PM

debdrup edited the summary of this revision. (Show Details)Feb 8 2020, 9:10 PM

Looks great. If no one else does so, I'll commit this in a few days when I get a chance.

This revision is now accepted and ready to land.Feb 12 2020, 12:29 PM

Added recently discovered filename tag around /dev

This revision now requires review to proceed.Feb 13 2020, 9:45 PM

Harbormaster completed remote builds in B29365: Diff 68284.Feb 13 2020, 9:46 PM

I hope it's okay that I'm (apparently) combining two reviews into one? Or should I resubmit on each? I thought arc could handle multiple outstanding reviews, but apparently not.

They are separate actions, so should be separate commits and therefore separate reviews, but I'm happy to split them this time.

I don't wish to cause unnecessary noise, but it seems the accepted-status got lost in bumping things, so I'm wondering if you lost track of this review as I did?

@crees and/or @bcr if you don't have time. I can make the commit myself with your approval.