Non-admin users are able to create and destroy datasets

All your general support questions for OpenZFS on OS X.

Non-admin users are able to create and destroy datasets

Postby mohak » Thu Jan 23, 2020 12:26 am

Hi,

I just discovered by accident that any user is able to create and destroy a dataset in a zfs pool currently imported in my macbook. Is this something by design or is something wrong with my config? And can I change this behaviour without running zfs unallow for every user/group?

I'm running O3X 1.9.3 on Mojave. Following are the steps to reproduce:

First as root:
Code: Select all
cd /tmp
dd if=/dev/zero bs=1m count=100 of=vdisk1
hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount vdisk1
zpool create -f -o ashift=12 -O casesensitivity=insensitive -O normalization=formD tank $disk_from_prev_command
zfs create tank/foo


Now as a non-admin user:
Code: Select all
zfs destroy tank/foo


and it will destroy the dataset
mohak
 
Posts: 3
Joined: Sat Oct 28, 2017 10:44 am

Re: Non-admin users are able to create and destroy datasets

Postby lundman » Thu Jan 23, 2020 12:57 am

Hmm no - that is probably a bug with the delegation code (as in "zfs allow" commands) - these have not yet been implemented in OSX, as we assume sudo will always be used. But that does seem rather
undesirable for someone else to destroy. I'll put a rush on a fix for this.
User avatar
lundman
 
Posts: 707
Joined: Thu Mar 06, 2014 2:05 pm
Location: Tokyo, Japan

Re: Non-admin users are able to create and destroy datasets

Postby beren » Thu Jan 23, 2020 5:40 am

For what it's worth I can format drives as a standard user from the gui as well.
beren
 
Posts: 1
Joined: Thu Jan 23, 2020 5:27 am

Re: Non-admin users are able to create and destroy datasets

Postby lundman » Thu Jan 23, 2020 5:08 pm

Yes, that is true - can't do anything to stop that. But we should take a look at the delegation code again and see if we can port it properly.
User avatar
lundman
 
Posts: 707
Joined: Thu Mar 06, 2014 2:05 pm
Location: Tokyo, Japan


Return to General Help

Who is online

Users browsing this forum: No registered users and 2 guests

cron