Bug 463271 - LVM2, not possible to define owner, group and permissions of a logical volume
LVM2, not possible to define owner, group and permissions of a logical volume
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: lvm2 (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Peter Rajnoha
Cluster QE
Depends On:
  Show dependency treegraph
Reported: 2008-09-22 15:34 EDT by Horacio RM
Modified: 2010-12-13 14:19 EST (History)
14 users (show)

See Also:
Fixed In Version: lvm2-2.02.56-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-11-15 09:32:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Horacio RM 2008-09-22 15:34:37 EDT
Description of problem:
In the activation process of a logical volume, several
nodes are created in /dev. These are the nodes:
   - /dev/mapper/VGxxxx/LVyyyy
   - /dev/VGxxxx (directory)
   - /dev/VGxxxx/LVyyyy (a symbolic link to /dev/mapper/....)

The problem is that there are applications (databases for 
example) that run under specific users that need access
to the disks directly to store information.

Because (for security reasons) the database runs under other
than root user, there is a need to chown the devices in order
to grant the access to the data.

Well, there are some active environments (for example the cluster
suite) that activates/deactivates the LVs dynamically. 

Currently there is no way to set the OWNER, GROUP and MODE (like
un udev rules) with the Logical Volume Manager, and this functionality
is needed in order to grant access to block devices for specific users.

How reproducible:
Very reproducible.
- Activate a logical volume (if it is not active already).
- Change user/group
- Deactivate it
- Activate it again.
- Check that the user/group has been lost.
And there isn't a way to define this in lvm.con nor udev-rules.

Additional info:
Comment 1 Petr Rockai 2009-03-01 08:43:26 EST
I suppose this will be addressed with moving the node creation responsibility to udev, as planned for future LVM versions. I am not sure it is worth addressing separately before that move? Maybe others could comment though...
Comment 2 Peter Rajnoha 2009-03-02 02:35:34 EST
Yes, exactly. This will be solved by moving to udev which is on its way out right now... So I expect it to be in upstream in near near future if all goes well. This should replace the old code responsible for creating the /dev contents altogether then.
Comment 3 Dave Wysochanski 2009-03-10 20:37:34 EDT
Is the plan for RHEL6?
Comment 6 Peter Rajnoha 2009-09-22 09:54:03 EDT
Udev support has been integrated into device-mapper/lvm2 lately and it's been configured in Fedora rawhide (device-mapper-1.02.37-3, lvm2-2_02_52-3). This provides a start point for inclusion in RHEL6 (we will see later if this is going to be backported back to RHEL5).
Comment 7 Peter Rajnoha 2009-10-08 07:52:43 EDT
Unfortunately, udev support was switched off again in rawhide due to problems found in anaconda installer. Further analysis shows that the problem was in "parted" utility only that could not deal with new node/symlink layout for DM devices in /dev.

A quick workaround (but rather inefficient) was made to deal with this problem from libdevmapper side. Also, a team of people responsible for "parted" were notified to correct a part of their code where some assumptions were made about DM names and their use while calling dm library functions. We recommended them to correct this and it seems this will be corrected in parted upstream as well soon.

Since this is the only major problem found, we still think about the inclusion of the udev support in RHEL6 (if there are no other obstacles).
Comment 10 Peter Rajnoha 2009-12-21 04:56:40 EST
Udev support enabled in lvm2-2_02_56-1_el6.

Permissions for each LV (and for DM devices in general) could be set by udev rules directly, see also doc/device-mapper-1.02.40/12-dm-permissions.rules.
Comment 13 releng-rhel@redhat.com 2010-11-15 09:32:14 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.