Subject: Re: newfs/newlfs/newfs_msdos (was Re: Some LFS troubles)
To: Luke Mewburn <lukem@goanna.cs.rmit.edu.au>
From: Brian C. Grayson <bgrayson@marvin.ece.utexas.edu>
List: tech-kern
Date: 03/13/1999 18:25:17

On Sun, Mar 14, 1999 at 09:57:01AM +1100, Luke Mewburn wrote:
> "Brian C. Grayson" writes:
> > My point was, if we allowed dump
> > to use a generic filesystem traversal framework (like fts, but
> > also for unmounted filesystems) and did a clean job of it,
> > ...
> The main problem with this is that how do you allow people in group
> operator to dump the disk in this situation? Currently they have
> read access on the disk device.

  I must be missing something here!  I wrote code to provide
pseudo-fts-like capabilities via the disk device.  Thus, if you
have read access to the device, you can dump any or all of the
disk, regardless of whether or not it is mounted.

> Note that subdir dump(8)ing already uses fts(3) and also has this
> problem (operators can't subdir dump directories they can't read);
> fixing this would have required hacking a chunk of the kernel's
> inode parsing code into dump(8).

  Or changing the subdir dumping to use routines that operate on
the disk device, not the mounted FS.  It's _fts on a mounted
filesystem_, which will enforce access permissions et al, which is
the problem, and not the idea of a walker on the disk device
(which may be a mounted or unmounted filesystem), right?

  Brian
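
The fts-on-a-mounted-filesystem behaviour discussed in this message, as an added example that is not part of the original post or of dump(8): an fts(3) walk reports a directory the caller cannot read as FTS_DNR and never sees its contents. The function names and the temporary tree under /tmp are constructed for the illustration; the raw-device walker is not shown.

```c
#define _DEFAULT_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Walk root through the mounted filesystem with fts(3); return how many
 * entries could not be read or stat'ed, or -1 if the walk cannot start. */
int count_unreadable(const char *root)
{
    char *paths[2] = { (char *)root, NULL };
    FTS *fts = fts_open(paths, FTS_PHYSICAL | FTS_NOCHDIR, NULL);
    FTSENT *e;
    int blocked = 0;

    if (fts == NULL)
        return -1;
    while ((e = fts_read(fts)) != NULL) {
        if (e->fts_info == FTS_DNR || e->fts_info == FTS_NS ||
            e->fts_info == FTS_ERR) {
            fprintf(stderr, "skipped %s: %s\n", e->fts_path, strerror(e->fts_errno));
            blocked++;
        }
    }
    fts_close(fts);
    return blocked;
}

/* Constructed tree: <tmp>/locked (mode 000) holding one file. */
int demo_blocked(void)
{
    char root[] = "/tmp/ftsdemo.XXXXXX", dir[64], file[80];
    FILE *f;
    int n;

    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(dir, sizeof dir, "%s/locked", root);
    snprintf(file, sizeof file, "%s/secret", dir);
    if (mkdir(dir, 0700) != 0 || (f = fopen(file, "w")) == NULL)
        return -1;
    fclose(f);
    chmod(dir, 0);              /* drop read and search permission */
    n = count_unreadable(root); /* 1 for an ordinary user, 0 for root */
    chmod(dir, 0700);           /* restore so the tree can be removed */
    unlink(file); rmdir(dir); rmdir(root);
    return n;
}
```

An ordinary user gets one skipped directory; root bypasses the permission check and gets none.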