Red Hat Bugzilla – Bug 463271
LVM2, not possible to define owner, group and permissions of a logical volume
Last modified: 2010-12-13 14:19:15 EST
Description of problem:
In the activation process of a logical volume, several
nodes are created in /dev. These are the nodes:
- /dev/VGxxxx (directory)
- /dev/VGxxxx/LVyyyy (a symbolic link to /dev/mapper/....)
The problem is that there are applications (databases for
example) that run under specific users that need access
to the disks directly to store information.
Because (for security reasons) the database runs under other
than root user, there is a need to chown the devices in order
to grant the access to the data.
Well, there are some active environments (for example the cluster
suite) that activate/deactivate the LVs dynamically.
Currently there is no way to set the OWNER, GROUP and MODE (like
in udev rules) with the Logical Volume Manager, and this functionality
is needed in order to grant access to block devices for specific users.
- Activate a logical volume (if it is not active already).
- Change user/group
- Deactivate it
- Activate it again.
- Check that the user/group has been lost.
And there isn't a way to define this in lvm.conf nor udev-rules.
I suppose this will be addressed with moving the node creation responsibility to udev, as planned for future LVM versions. I am not sure it is worth addressing separately before that move? Maybe others could comment though...
Yes, exactly. This will be solved by moving to udev which is on its way out right now... So I expect it to be in upstream in the near future if all goes well. This should replace the old code responsible for creating the /dev contents altogether then.
Is the plan for RHEL6?
Udev support has been integrated into device-mapper/lvm2 lately and it's been configured in Fedora rawhide (device-mapper-1.02.37-3, lvm2-2_02_52-3). This provides a start point for inclusion in RHEL6 (we will see later if this is going to be backported back to RHEL5).
Unfortunately, udev support was switched off again in rawhide due to problems found in anaconda installer. Further analysis shows that the problem was in "parted" utility only that could not deal with new node/symlink layout for DM devices in /dev.
A quick workaround (but rather inefficient) was made to deal with this problem from libdevmapper side. Also, a team of people responsible for "parted" were notified to correct a part of their code where some assumptions were made about DM names and their use while calling dm library functions. We recommended them to correct this and it seems this will be corrected in parted upstream as well soon.
Since this is the only major problem found, we still think about the inclusion of the udev support in RHEL6 (if there are no other obstacles).
Udev support enabled in lvm2-2_02_56-1_el6.
Permissions for each LV (and for DM devices in general) could be set by udev rules directly, see also doc/device-mapper-1.02.40/12-dm-permissions.rules.
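A udev rules fragment of the kind the comment above points to, given here as an added example rather than text from the bug report or the lvm2 package. It grants one non-root account access to a single LV instead of loosening permissions on every DM device; the VG, LV, user and group names and the label `dm_perm_end` are hypothetical, and the file is assumed to sort after the rules that set `DM_VG_NAME` and `DM_LV_NAME` (11-dm-lvm.rules in lvm2).

```conf
# /etc/udev/rules.d/12-dm-permissions.rules  (constructed example)
# Assumption: processed after the LVM udev rules that export
# DM_VG_NAME and DM_LV_NAME for each activated logical volume.

# Only act on add/change events for device-mapper block devices.
SUBSYSTEM!="block", GOTO="dm_perm_end"
KERNEL!="dm-[0-9]*", GOTO="dm_perm_end"
ACTION!="add|change", GOTO="dm_perm_end"

# Hypothetical names: VG "vg_db", LV "lv_data", user "dbuser", group "dbgroup".
# Match one specific LV and give its node to the database account only.
# ":=" makes the assignment final, so later rules cannot override it.
# MODE 0660 leaves no access for "other" users.
ENV{DM_VG_NAME}=="vg_db", ENV{DM_LV_NAME}=="lv_data", OWNER:="dbuser", GROUP:="dbgroup", MODE:="0660"

LABEL="dm_perm_end"
```

Because udev applies the rule on every activation event, the ownership survives the deactivate/activate cycle from the reproduction steps in the description. After reloading the rules with `udevadm control --reload-rules` and re-activating the LV, `ls -lL /dev/vg_db/lv_data` should show the configured owner, group and mode.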
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.