On 12/27/2010 04:40 PM, Martin Simmons wrote:
>>>>>> On Fri, 24 Dec 2010 21:34:58 -0500, Dan Langille said:
>>
>> On 12/24/2010 7:51 AM, Bruno Friedmann wrote:
>>> On 12/24/2010 01:48 PM, Kern Sibbald wrote:
>>>> On Friday 24 December 2010 12:54:00 Martin Simmons wrote:
>>>>>>>>>> On Fri, 24 Dec 2010 10:28:22 +0100, Bruno Friedmann said:
>>>>>>
>>>>>> Hi there,
>>>>>>
>>>>>> With onefs = no, shouldn't a gvfs mount point be considered an external
>>>>>> filesystem?
>>>>>>
>>>>>> I got this warning on a workstation or server when users have left their X
>>>>>> gnome session open and perhaps have one gvfs resource open (nautilus
>>>>>> smb://server/share for example)
>>>>>>
>>>>>> 23-Dec 22:00 totem-fd JobId 107:      Could not stat "/home/scan/.gvfs":
>>>>>> ERR=Permission denied
>>>>>>
>>>>>> Hopefully bacula-fd (running as root) can't access this folder;
>>>>>> otherwise, it will be able to save remote data that gvfs can access ...
>>>>>>
>>>>>> If you agree that should be changed, I can open a bug request for that ...
>>>>>
>>>>> For security reasons, only the owner can read the .gvfs directory, so the
>>>>> bacula-fd gets ERR=Permission denied when it runs as root.
>>>>
>>>> Interesting, so root is no longer totally powerful.  Hmmm.
>>>
>>> Yes Kern, some people in the Gnome world have been inspired by other
>>> "crappy OS" where God is no more God.
>>> :-)
>>
>> How do these people propose that such a system be backed up?
> 
> There is nothing in the .gvfs directory that needs to be backed up -- it
> contains mounts for external resources and is recreated by the system from
> metadata.
> 
> 
>> It's kind of silly, considering root can su to a given user.
> 
> Yes, but only if it explicitly does that.  The .gvfs filesystem is implemented
> as a userland process (via FUSE), so giving access to root would
> surreptitiously run code as another user, possibly passing those credentials
> to remote servers.  That could break other security measures such as nfs
> maproot.
> 
> __Martin
> 

I don't know how user jobs would react, but you can always ask for a umount as root

gvfs-fuse-daemon on /home/bruno/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,relatime,user_id=1502,group_id=1500)

umount gvfs-fuse-daemon

Anyway, I've added this path in my normal excluded wild


-- 

Bruno Friedmann (irc:tigerfoot)
Ioda-Net Sàrl www.ioda-net.ch
 openSUSE Member
    User www.ioda.net/r/osu
    Blog www.ioda.net/r/blog
  fsfe fellowship www.fsfe.org
GPG KEY : D5C9B751C4653227
vcard : http://it.ioda-net.ch/ioda-net.vcf
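
Added example, not part of the original message or of Bacula: a way to find the mounts discussed in this thread before a backup runs, by reading a mount table in /proc/mounts format and listing FUSE mounts that a given uid (root by default) is refused on because the mount lacks allow_other. The sample table, the function names and the extra users are constructed for illustration; it assumes the kernel FUSE rule that only the mounting user may access such a mount.

```python
import re

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
gvfs-fuse-daemon /home/bruno/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=1502,group_id=1500 0 0
gvfs-fuse-daemon /home/scan\\040user/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=1503,group_id=1500 0 0
sshfs#host:/srv /mnt/shared fuse.sshfs rw,nosuid,nodev,user_id=0,group_id=0,allow_other 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
"""


def unescape_mount_field(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def is_fuse(fstype):
    # "fuse", "fuseblk" and "fuse.<subtype>" are user-space filesystems;
    # "fusectl" is the kernel control filesystem and is not one of them.
    return fstype in ("fuse", "fuseblk") or fstype.startswith("fuse.")


def private_fuse_mounts(mounts_text, reader_uid=0):
    """Return [(mountpoint, owner_uid)] for FUSE mounts reader_uid cannot enter."""
    blocked = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not is_fuse(fields[2]):
            continue
        # Turn "rw,user_id=1502,allow_other" into {"rw": "", "user_id": "1502", ...}
        opts = dict(opt.partition("=")[::2] for opt in fields[3].split(","))
        if "allow_other" in opts:
            continue  # mount is open to every user, root included
        owner = opts.get("user_id")
        if owner is None or int(owner) == reader_uid:
            continue  # unknown owner, or the reader is the mounting user
        blocked.append((unescape_mount_field(fields[1]), int(owner)))
    return blocked


if __name__ == "__main__":
    # Print one path per line, ready to paste into a backup exclude list.
    for path, uid in private_fuse_mounts(SAMPLE_MOUNTS):
        print(f"{path}\t# FUSE mount owned by uid {uid}, not readable by root")
```

On a live system, pass the contents of /proc/mounts instead of SAMPLE_MOUNTS.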

_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
