Bug 1335294

Summary: [RFE] improve commands run as non-root
Product: [Community] LVM and device-mapper Reporter: David Teigland <teigland>
Component: lvm2Assignee: LVM Team <lvm-team>
lvm2 sub component: Command-line tools QA Contact: cluster-qe <cluster-qe>
Status: NEW --- Docs Contact:
Severity: unspecified    
Priority: unspecified CC: agk, heinzm, jbrassow, prajnoha, todoleza, zkabelac
Version: unspecifiedFlags: rule-engine: lvm-technical-solution?
rule-engine: lvm-test-coverage?
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Teigland 2016-05-11 19:41:35 UTC 
Description of problem:

Improve lvm commands run as non-root.

Perhaps we could add a new config setting "allow_non_root".  When 0, an lvm command would fail instead of printing a warning and continuing (often with further errors).

A default of allow_non_root=0 makes sense because it's consistent with the default permissions of the lvmetad socket, other sockets, /dev/mapper/control, /dev nodes, and probably some other things.

With special user configuration of permissions and special lvm options (e.g. --driverloaded n), the user can also set allow_non_root=1.

Currently, I'm getting the following as non-root:

use_lvmetad=0

$ vgs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  Incompatible libdevmapper (unknown version) and kernel driver (unknown version).

use_lvmetad=1

$ vgs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  lvmetad_socket_present failed: Permission denied
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  Incompatible libdevmapper (unknown version) and kernel driver (unknown version).

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Alasdair Kergon 2016-05-12 00:27:00 UTC 
Fixed the 'unknown version' for the library in the messages with

https://www.redhat.com/archives/lvm-devel/2016-May/msg00047.html  

https://git.fedorahosted.org/cgit/lvm2.git/patch/?id=e6cafdad3608f58bc0cea6a73b16d9728fb92181
Comment 2 Alasdair Kergon 2016-05-12 00:44:28 UTC 
It's just a difference in perspective here.

Running as non-root is a perfectly valid thing to do if you've set up your system's environment to support that.

Although commands try to communicate with the dm driver during initialisation, failure to make contact is not an error at that stage - that only happens later if the command really needs to use the driver.
Comment 3 Alasdair Kergon 2016-05-12 00:58:32 UTC 
Also fixed this message:

lvmetad_socket_present failed: Permission denied

Any error involving a file in the filesystem must provide the name of the file concerned and the system call name, optionally qualified with further relevant arguments or the function name.

https://www.redhat.com/archives/lvm-devel/2016-May/msg00048.html

https://git.fedorahosted.org/cgit/lvm2.git/patch/?id=a6203657a0bf4b15017724a8212cc61a8672afa5
Comment 4 David Teigland 2016-05-12 15:38:33 UTC 
> Running as non-root is a perfectly valid thing to do if you've set up your
> system's environment to support that.

Yes, that's good, but I'm interested here in the common case where someone has *not* set up or changed their environment, i.e. the defaults.  It appears that everywhere across the system, the default is for root-only lvm.  So, I'm suggesting that lvm's *default* behavior should *match* the defaults made everywhere else.  Instead, lvm is currently assuming that the user has set up their environment in a way that makes it useful to run non-root.  That assumption is wrong the vast majority of the time, so I think the default should be changed to match the common/majority case.