>>>>> On Fri, 24 Dec 2010 21:34:58 -0500, Dan Langille said: > > On 12/24/2010 7:51 AM, Bruno Friedmann wrote: > > On 12/24/2010 01:48 PM, Kern Sibbald wrote: > >> On Friday 24 December 2010 12:54:00 Martin Simmons wrote: > >>>>>>>> On Fri, 24 Dec 2010 10:28:22 +0100, Bruno Friedmann said: > >>>> > >>>> Hi there, > >>>> > >>>> With the onefs = no shouldn't gvfs mounting point considered as external > >>>> filesystem. > >>>> > >>>> I got this warning on workstation or server when user's have let their X > >>>> gnome session open and perharps use one gvfs ressource open ( nautilus > >>>> smb://server/share for example ) > >>>> > >>>> 23-Dec 22:00 totem-fd JobId 107: Could not stat "/home/scan/.gvfs": > >>>> ERR=Permission denied > >>>> > >>>> Hopefully bacula-fd ( running as root can't access this folder ) > >>>> otherwise, it will be able to save remote data that gvfs can access ... > >>>> > >>>> If you agree that should be changed, I can open a bug request to that ... > >>> > >>> For security reasons, only the owner can read the .gvfs directory, so the > >>> bacula-fd gets ERR=Permission denied when it runs as root. > >> > >> Interesting, so root is no longer totally powerful. Hmmm. > > > > Yes Kern, some people on the Gnome world has been inspirited by other > > "crappy OS" where God is no more God. > > :-) > > How do these people propose that such a system be backed up?
There is nothing in the .gvfs directory that needs to be backed up -- it contains mounts for external resources and is recreated by the system from metadata. > It's kind of silly, considering root can su to a given user. Yes, but only if it explicitly does that. The .gvfs filesystem is implemented as a userland process (via FUSE), so giving access to root would surreptitiously run code as another user, possibly passing those credentials to remote servers. That could break other security measures such as nfs maproot. __Martin ------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Bacula-devel mailing list Bacula-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-devel
