Bug 518470 - scripts executed as stapusr don't run
Summary: scripts executed as stapusr don't run
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: systemtap
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Frank Ch. Eigler
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-20 14:24 UTC by Marcela Mašláňová
Modified: 2009-08-21 07:08 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-21 07:08:57 UTC


Attachments (Terms of Use)

Description Marcela Mašláňová 2009-08-20 14:24:50 UTC
Description of problem:
ERROR: You are trying to run stap as a normal user.
You should either be root, or be part of either group "stapdev" or group "stapusr".

Version-Release number of selected component (if applicable):
systemtap-0.9.9-3.fc11.x86_64

How reproducible:
Run your systemtap script as a user who is in group stapusr and stapdev.
/etc/group
user:x:500:stapdev,stapusr

Am I doing something wrong or I must execute scripts only as root?

Comment 1 Frank Ch. Eigler 2009-08-20 14:30:07 UTC
Marcela, the "stapusr" privilege only permits precompiled scripts
to be run.  That is, the sysadmin must compile (stap -p4) and
install (cp FOO.ko /lib/modules/`uname -r`/systemtap) each script
that is supposed to be run by stapusr prileges.

The "stapdev" privilege is not so limited, and should permit
arbitrary script compilation/execution.

Please double-check that your group assignments are effective
(run "id"), and that nothing is interfering with the setuid
nature of /usr/bin/staprun (check selinux logs perhaps?).

Comment 2 Mark Wielaard 2009-08-20 15:01:58 UTC
(In reply to comment #0)
> Run your systemtap script as a user who is in group stapusr and stapdev.
> /etc/group
> user:x:500:stapdev,stapusr

Please double check your group settings.
The above says that stapdev and stapusr are members of group user.
You want the opposite, user should be part of group stapdev
/etc/group:
stapdev:x:490:user

Comment 3 Marcela Mašláňová 2009-08-21 07:08:57 UTC
Um, thank you for your kind reply. Definitely notabug.


Note You need to log in before you can comment on or make changes to this bug.