Non-root can create, but not delete, btrfs snapshots?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi!

I noticed that a non-root user is able to create (but not delete)
snapshots of a root btrfs filesystem on kernel 3.4.0.

I'm not sure I understand the security model correctly, but letting
unprivileged users create snapshots of the entire filesystem seems...
wrong. Is this intentional?

------------------------------------------------------------
~/test$ ls -la
total 0
drwxr-xr-x 1 sliedes sliedes    0 Jun  4 02:28 .
drwxr-xr-x 1 sliedes sliedes 7352 Jun  4 02:27 ..
~/test$ whoami
sliedes
~/test$ groups
sliedes dialout cdrom floppy audio src video plugdev kvm wireshark sbox
~/test$ btrfs subvolume snapshot / newsnap
Create a snapshot of '/' in './newsnap'
~/test$ ls -la
total 32
drwxr-xr-x 1 sliedes sliedes   14 Jun  4 02:28 .
drwxr-xr-x 1 sliedes sliedes 7352 Jun  4 02:27 ..
drwxr-xr-x 1 root    root     336 Jun  2 05:32 newsnap
~/test$ btrfs subvolume delete newsnap
Delete subvolume '/home/sliedes/test/newsnap'
ERROR: cannot delete '/home/sliedes/test/newsnap' - Operation not permitted
~/test$ sudo btrfs subvolume delete newsnap
Delete subvolume '/home/sliedes/test/newsnap'
~/test$ 
------------------------------------------------------------

	Sami

Attachment: signature.asc
Description: Digital signature


[Linux Ext4 Filesystem]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Photo]     [Yosemite]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [CEPH Filesystem]


  Powered by Linux