Bug 518470 - scripts executed as stapusr don't run
scripts executed as stapusr don't run
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: systemtap (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Frank Ch. Eigler
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-08-20 10:24 EDT by Marcela Mašláňová
Modified: 2009-08-21 03:08 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-21 03:08:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Marcela Mašláňová 2009-08-20 10:24:50 EDT
Description of problem:
ERROR: You are trying to run stap as a normal user.
You should either be root, or be part of either group "stapdev" or group "stapusr".

Version-Release number of selected component (if applicable):
systemtap-0.9.9-3.fc11.x86_64

How reproducible:
Run your systemtap script as a user who is in group stapusr and stapdev.
/etc/group
user:x:500:stapdev,stapusr

Am I doing something wrong or I must execute scripts only as root?
Comment 1 Frank Ch. Eigler 2009-08-20 10:30:07 EDT
Marcela, the "stapusr" privilege only permits precompiled scripts
to be run.  That is, the sysadmin must compile (stap -p4) and
install (cp FOO.ko /lib/modules/`uname -r`/systemtap) each script
that is supposed to be run by stapusr prileges.

The "stapdev" privilege is not so limited, and should permit
arbitrary script compilation/execution.

Please double-check that your group assignments are effective
(run "id"), and that nothing is interfering with the setuid
nature of /usr/bin/staprun (check selinux logs perhaps?).
Comment 2 Mark Wielaard 2009-08-20 11:01:58 EDT
(In reply to comment #0)
> Run your systemtap script as a user who is in group stapusr and stapdev.
> /etc/group
> user:x:500:stapdev,stapusr

Please double check your group settings.
The above says that stapdev and stapusr are members of group user.
You want the opposite, user should be part of group stapdev
/etc/group:
stapdev:x:490:user
Comment 3 Marcela Mašláňová 2009-08-21 03:08:57 EDT
Um, thank you for your kind reply. Definitely notabug.

Note You need to log in before you can comment on or make changes to this bug.