Bug 518470
| Summary: | scripts executed as stapusr don't run | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Marcela Mašláňová <mmaslano> |
| Component: | systemtap | Assignee: | Frank Ch. Eigler <fche> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | fche, jhutar, jistone, mjw, mjw, wcohen |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-08-21 07:08:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Marcela Mašláňová
2009-08-20 14:24:50 UTC
Marcela, the "stapusr" privilege only permits precompiled scripts to be run. That is, the sysadmin must compile (stap -p4) and install (cp FOO.ko /lib/modules/`uname -r`/systemtap) each script that is supposed to be run by stapusr prileges. The "stapdev" privilege is not so limited, and should permit arbitrary script compilation/execution. Please double-check that your group assignments are effective (run "id"), and that nothing is interfering with the setuid nature of /usr/bin/staprun (check selinux logs perhaps?). (In reply to comment #0) > Run your systemtap script as a user who is in group stapusr and stapdev. > /etc/group > user:x:500:stapdev,stapusr Please double check your group settings. The above says that stapdev and stapusr are members of group user. You want the opposite, user should be part of group stapdev /etc/group: stapdev:x:490:user Um, thank you for your kind reply. Definitely notabug. |