From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Proxmox Backup Server development discussion"
<pbs-devel@lists.proxmox.com>,
"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup 2/5] api: add Sys.Modify on /system/disks as permission to endpoints handling removable datastores
Date: Tue, 26 Nov 2024 13:26:56 +0100
Message-ID: <69210925-3325-491a-a057-dc5c096a4025@proxmox.com>
In-Reply-To: <1732622272.pgtz2hjshk.astroid@yuna.none>
This is missing a commit message explaining the rationale.
Am 26.11.24 um 13:07 schrieb Fabian Grünbichler:
>> @@ -2512,7 +2512,10 @@ pub fn do_mount_device(datastore: DataStoreConfig) -> Result<(), Error> {
>> schema: UPID_SCHEMA,
>> },
>> access: {
>> - permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
>> + permission: &Permission::And(&[
>> + &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
>> + &Permission::Privilege(&["system", "disks"], PRIV_SYS_MODIFY, false)
>> + ]),
> I am not 100% sure this part should require Sys.Modify.. somebody needs
> to have set up the datastore already, just mounting seems benign in that
> case?
Mounting is always a bit of an involved operation as it can result in
IO hangs, just requiring audit on the store seems IMO rather too low of a
requirement. The Audit privs are not for things that alter the system state,
but rather for pure observation. Sys.Modify might not be ideal but IMO
definitively better than the status quo, "Datastore.Modify" might be fine too
though.
>> },
>> )]
>> /// Mount removable datastore.
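Review bot: in the mount endpoint's `access` block, the new `Permission::And` still pairs `PRIV_SYS_MODIFY` on `["system", "disks"]` with only `PRIV_DATASTORE_AUDIT` on `["datastore", "{store}"]`, so the datastore-side requirement for an operation that changes system state remains an audit-level privilege. Either raise the datastore-side check to a modifying privilege or state in the commit message why audit on the store is enough once Sys.Modify is also required. Because `And` needs both entries to pass, callers that could mount with only the datastore privilege before will now be refused, which is a behaviour change that should be documented. As a style point, the last array element `&Permission::Privilege(&["system", "disks"], PRIV_SYS_MODIFY, false)` lacks a trailing comma.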
>> @@ -2625,7 +2628,10 @@ fn do_unmount_device(
>> schema: UPID_SCHEMA,
>> },
>> access: {
>> - permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, true),
>> + permission: &Permission::And(&[
>> + &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, true),
>> + &Permission::Privilege(&["system", "disks"], PRIV_SYS_MODIFY, false)
>> + ]),
> same logic would apply here..
>
>> }
>> )]
>> /// Unmount a removable device that is associated with the datastore
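Review bot: in the unmount endpoint's `Permission::And`, the two `Permission::Privilege` entries pass different third arguments, `true` for the `PRIV_DATASTORE_MODIFY` check on `["datastore", "{store}"]` and `false` for the `PRIV_SYS_MODIFY` check on `["system", "disks"]`. If the difference is intentional, a short comment should say why; otherwise use the same value in both so the combined check reads unambiguously. The added requirement also means a caller holding only the datastore privilege can no longer unmount, which the commit message should mention. The last array element is missing a trailing comma here as well.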
here the status quo requires "Datastore.Modify", which is better, but if we
go for Sys.Modify above I'd not have any objection to use it also here.