Other Questions about gpart

Hi folks, I have two questions concerning the gpart(8) tool:

1. Is there a reason why each and every dirty unprivileged commoner can happily edit around in my disktables?
Code:
admin@edge:502:1~$ gpart show ada2s1
=>        0  209715200  ada2s1  BSD  (100G)
          0         16          - free -  (8.0K)
         16  209715184       1  !0  (100G)

admin@edge:503:1~$ gpart delete -i 1 ada2s1
ada2s1a deleted
admin@edge:504:1~$ gpart add -t freebsd-ufs -i 1 ada2s1
ada2s1a added
admin@edge:505:1~$ gpart show ada2s1
=>        0  209715200  ada2s1  BSD  (100G)
          0  209715200       1  freebsd-ufs  (100G)

admin@edge:506:1~$ id
uid=1000(admin) gid=20(staff) groups=20(staff),0(wheel),5(operator),20(staff),997(bareos)
admin@edge:507:1~$ su - operator
Password:
$ /sbin/gpart delete -i 1 ada2s1
ada2s1a deleted
$ /sbin/gpart add -t freebsd-ufs -b 16 -i 1 ada2s1
ada2s1a added
$ /sbin/gpart show ada2s1
=>        0  209715200  ada2s1  BSD  (100G)
          0         16          - free -  (8.0K)
         16  209715184       1  freebsd-ufs  (100G)

$ id
uid=2(operator) gid=20(staff) groups=20(staff),5(operator)

$ ls -l /dev/ada2*
crw-r-----  1 root  operator  0x7f Mar 25 00:34 /dev/ada2
crw-r-----  1 root  operator  0x8d Mar 25 00:34 /dev/ada2p2
crw-r-----  1 root  operator  0x8e Mar 25 00:34 /dev/ada2p3
crw-r-----  1 root  operator  0x8f Mar 25 00:34 /dev/ada2p4
crw-r-----  1 root  operator  0x8c Mar 25 00:34 /dev/ada2s1
crw-r-----  1 root  operator  0xe8 Mar 25 01:20 /dev/ada2s1a
$ ls -l /sbin/gpart
-r-xr-xr-x  17 root  wheel  24716 Feb 12 23:26 /sbin/gpart

It seems I don't see any write permission on the drives, nor SUID bits on the command.


2. Is there a reason why the resize subcommand has to be issued twice to get the desired result, as the -s option might be silently ignored on the first invocation?
Code:
# gpart show ada1
=>       63  234441585  ada1  MBR  (112G)
         63          1        - free -  (512B)
         64   12582912     1  freebsd  (6.0G)
   12582976   55838016     2  !191  (27G)
   68420992    2097152     3  !191  (1.0G)
   70518144  126174768        - free -  (60G)
  196692912   37748736     4  !191  (18G)

 # gpart delete -i 3 ada1
 # gpart resize -i 2 -a 4096b -s 55838024 ada1
ada1s2 resized
 # gpart add -t "\!191"  -a 4096b -s 2097160 -i 3 ada1
gpart: autofill: No space left on device
 # gpart show ada1
=>       63  234441585  ada1  MBR  (112G)
         63          1        - free -  (512B)
         64   12582912     1  freebsd  (6.0G)
   12582976  184109936     2  !191  (88G)
  196692912   37748736     4  !191  (18G)

 # gpart resize -i 2 -a 4096b -s 100 ada1
ada1s2 resized
 # gpart show ada1
=>       63  234441585  ada1  MBR  (112G)
         63          1        - free -  (512B)
         64   12582912     1  freebsd  (6.0G)
   12582976         96     2  !191  (48K)
   12583072  184109840        - free -  (88G)
  196692912   37748736     4  !191  (18G)

 # gpart resize -i 2 -a 4096b -s 55838024 ada1
ada1s2 resized
 # gpart show ada1
=>       63  234441585  ada1  MBR  (112G)
         63          1        - free -  (512B)
         64   12582912     1  freebsd  (6.0G)
   12582976  184109936     2  !191  (88G)
  196692912   37748736     4  !191  (18G)

 # gpart resize -i 2 -a 4096b -s 55838024 ada1
ada1s2 resized
 # gpart show ada1
=>       63  234441585  ada1  MBR  (112G)
         63          1        - free -  (512B)
         64   12582912     1  freebsd  (6.0G)
   12582976   55838024     2  !191  (27G)
   68421000  128271912        - free -  (61G)
  196692912   37748736     4  !191  (18G)
 
1) From what I see, all users that belong to the operator group can use gpart without restriction (unless a partition is mounted). The funny thing is that only the root user seems able to use newfs or mount a partition.

2) Looks like a bug. I can easily reproduce it. Without the alignment constraint this bug doesn't show up.

Lastly, I think there are some people here who could certainly shed more light on these behaviours.
 
1) From what I see, all users that belong to the operator group can use gpart without restriction (unless a partition is mounted).

Ahh, thanks - so the "operator" group is the answer. That might make some sense, but should be documented somewhere (I didn't search extensively).

The funny thing is that only the root user seems able to use newfs or mount a partition.

This is not surprising. It should be possible to do newfs when having write permission on the device in /dev - because it is nothing other than a write to the device.
With mount it is a bit more complicated - a mount can bring new SUID files into the system, so that needs special protection (sysctl vfs.usermount).

2) Looks like a bug. I can easily reproduce it. Without the alignment constraint this bug doesn't show up.

Yeah, I can agree on the term "bug". ;)
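
Added example, not part of the thread and not FreeBSD's own tooling: a small audit for the "operator" answer above, listing every account that ends up in the operator group (primary or supplementary) and the device nodes that group can read. The function names, the `backup` account and `/dev/example0` are constructed for illustration; the other sample lines are modelled on the `id` and `ls -l` output in the first post.

```shell
#!/bin/sh
# Added example: who is covered by the "operator" group, and which
# device nodes does that group have access to?

# Print accounts whose primary or supplementary group is $3 (default: operator).
# $1 and $2 are the group and passwd files; they default to the live system files.
operator_members() {
    awk -F: -v grp="${3:-operator}" '
        FNR == NR {                      # first file: group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        /^#/ { next }                    # second file: passwd database
        gid != "" && $4 == gid { seen[$1] = 1 }   # primary gid counts too
        END { for (u in seen) print u }
    ' "${1:-/etc/group}" "${2:-/etc/passwd}" | sort
}

# Read `ls -l` lines on stdin; print nodes owned by group $1 that the group
# can read, tagged "rw" when the group write bit is also set, else "ro".
group_nodes() {
    awk -v grp="${1:-operator}" '$4 == grp && substr($1, 5, 1) == "r" {
        print $NF, (substr($1, 6, 1) == "w" ? "rw" : "ro")
    }'
}

# Constructed sample data (not copied from a real system).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'wheel:*:0:root,admin' 'operator:*:5:root,operator,admin' \
        'staff:*:20:' > "$tmp/group"
    printf '%s\n' 'root:*:0:0::/root:/bin/csh' \
        'operator:*:2:20::/:/usr/sbin/nologin' \
        'admin:*:1000:20::/home/admin:/bin/sh' \
        'backup:*:1001:5::/home/backup:/bin/sh' > "$tmp/passwd"
    operator_members "$tmp/group" "$tmp/passwd"
    printf '%s\n' \
        'crw-r-----  1 root  operator  0x8c Mar 25 00:34 /dev/ada2s1' \
        'crw-rw----  1 root  operator  0x90 Mar 25 00:34 /dev/example0' | group_nodes
    rm -rf "$tmp"
}
demo
```

On a live system, call `operator_members` with no arguments and pipe `ls -l /dev/ada2*` into `group_nodes`.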
 