Bug 518470
Summary: | scripts executed as stapusr don't run | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Marcela Mašláňová <mmaslano> |
Component: | systemtap | Assignee: | Frank Ch. Eigler <fche> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 11 | CC: | fche, jhutar, jistone, mjw, mjw, wcohen |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-08-21 07:08:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marcela Mašláňová
2009-08-20 14:24:50 UTC
Marcela, the "stapusr" privilege only permits precompiled scripts to be run. That is, the sysadmin must compile (stap -p4) and install (cp FOO.ko /lib/modules/`uname -r`/systemtap) each script that is supposed to be run by stapusr prileges. The "stapdev" privilege is not so limited, and should permit arbitrary script compilation/execution. Please double-check that your group assignments are effective (run "id"), and that nothing is interfering with the setuid nature of /usr/bin/staprun (check selinux logs perhaps?). (In reply to comment #0) > Run your systemtap script as a user who is in group stapusr and stapdev. > /etc/group > user:x:500:stapdev,stapusr Please double check your group settings. The above says that stapdev and stapusr are members of group user. You want the opposite, user should be part of group stapdev /etc/group: stapdev:x:490:user Um, thank you for your kind reply. Definitely notabug. |