[pbs-devel] [PATCH proxmox-backup] fix #5233: don't require root for some tape operations
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Nov 12 21:15:12 CET 2024
Am 10.09.24 um 09:08 schrieb Dominik Csapak:
> instead, require 'Tape.Write' on '/tape' path.
> This makes it possible for a TapeAdmin or TapeOperator to
> format/remove/vault tapes, instead of just root at pam.
>
> I opted for the path '/tape' since we don't have a dedicated acl
> structure for single tapes, just '/tape/pool' (which does not apply
> since not all tapes have to have a pool), '/tape/device' (which is
> intended for drives/changers) and '/tape/jobs' (which is for jobs only).
>
> Alternatively we could invent a new scheme for tape media, e.g.
> '/tape/media' for this.
the path is fine, but why Tape.Write over Tape.Modify?
> Tape.Modify
> Tape.Modify allows a user to modify the configuration of tape drives, changers and backups.
vs
> Tape.Write
> Tape.Write allows a user to write to a tape media.
The former might be a better fit here as these calls alter not only the tape
content, or?
Noticed because Hannes' recent patch already switched the move-tape one to
Tape.Modify,
More information about the pbs-devel
mailing list