On Sat, May 31, 2008 at 9:18 AM, David Magda <dmagda@xxxxxxxxxxxxx> wrote:
> On May 31, 2008, at 06:03, Joerg Schilling wrote:
>> The other method works as root if you use -atime (see man page) and is
>> available since 13 years.
> Would it be possible to assign an RBAC role to a regular user to
> accomplish this? If so, would you know which one?
You can use "ppriv -D -e star ..." to figure out which privileges you
lack to be able to reset the atime. I suspect that in order to perform
backups (and reset atime), you would need to have file_dac_read and
file_dac_write. A backup program that has those privileges has
everything they need to gain full root access.
I wish that there was a flag to open(2) to say not to update the atime
and that there was a privilege that could be granted to allow this
flag without granting file_dac_write.
zfs-discuss mailing list