Bug 518470 - scripts executed as stapusr don't run
Summary: scripts executed as stapusr don't run
Alias: None
Product: Fedora
Classification: Fedora
Component: systemtap
Version: 11
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Frank Ch. Eigler
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2009-08-20 14:24 UTC by Marcela Mašláňová
Modified: 2009-08-21 07:08 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-08-21 07:08:57 UTC

Attachments (Terms of Use)

Description Marcela Mašláňová 2009-08-20 14:24:50 UTC
Description of problem:
ERROR: You are trying to run stap as a normal user.
You should either be root, or be part of either group "stapdev" or group "stapusr".

Version-Release number of selected component (if applicable):

How reproducible:
Run your systemtap script as a user who is in group stapusr and stapdev.

Am I doing something wrong or I must execute scripts only as root?

Comment 1 Frank Ch. Eigler 2009-08-20 14:30:07 UTC
Marcela, the "stapusr" privilege only permits precompiled scripts
to be run.  That is, the sysadmin must compile (stap -p4) and
install (cp FOO.ko /lib/modules/`uname -r`/systemtap) each script
that is supposed to be run by stapusr prileges.

The "stapdev" privilege is not so limited, and should permit
arbitrary script compilation/execution.

Please double-check that your group assignments are effective
(run "id"), and that nothing is interfering with the setuid
nature of /usr/bin/staprun (check selinux logs perhaps?).

Comment 2 Mark Wielaard 2009-08-20 15:01:58 UTC
(In reply to comment #0)
> Run your systemtap script as a user who is in group stapusr and stapdev.
> /etc/group
> user:x:500:stapdev,stapusr

Please double check your group settings.
The above says that stapdev and stapusr are members of group user.
You want the opposite, user should be part of group stapdev

Comment 3 Marcela Mašláňová 2009-08-21 07:08:57 UTC
Um, thank you for your kind reply. Definitely notabug.

Note You need to log in before you can comment on or make changes to this bug.