Bug 620571 - non root user can no longer view lvm devices
non root user can no longer view lvm devices
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: lvm2 (Show other bugs)
6.0
All Linux
low Severity low
: rc
: ---
Assigned To: Alasdair Kergon
Corey Marthaler
: Regression
Depends On:
Blocks: 656394
  Show dependency treegraph
 
Reported: 2010-08-02 17:21 EDT by Corey Marthaler
Modified: 2011-05-19 10:26 EDT (History)
8 users (show)

See Also:
Fixed In Version: lvm2-2.02.83-3.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 656394 (view as bug list)
Environment:
Last Closed: 2011-05-19 10:26:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Corey Marthaler 2010-08-02 17:21:26 EDT
Description of problem:
[testmonkey@taft-02 root]$ lvs
  /etc/lvm/lvm.conf: stat failed: Permission denied

[testmonkey@taft-02 root]$ cat /etc/lvm/lvm.conf
cat: /etc/lvm/lvm.conf: Permission denied

[testmonkey@taft-02 root]$ exit
exit

[root@taft-02 ~]# ls -lrt /etc/lvm/lvm.conf
-rw-r--r--. 1 root root 21640 Aug  2 14:22 /etc/lvm/lvm.conf

There used to be a message when running as non root:
"WARNING: Running as a non-root user. Functionality may be unavailable."

Version-Release number of selected component (if applicable):
2.6.32-52.el6.x86_64

lvm2-2.02.72-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
lvm2-libs-2.02.72-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
lvm2-cluster-2.02.72-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
udev-147-2.21.el6    BUILT: Mon Jul 12 04:55:00 CDT 2010
device-mapper-1.02.53-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-libs-1.02.53-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-event-1.02.53-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-event-libs-1.02.53-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
cmirror-2.02.72-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010


How reproducible:
everytime
Comment 2 Alasdair Kergon 2010-11-22 16:31:11 EST
So what's going on here?

Are the /etc/lvm directory permissions wrong now?
Or is it selinux?

(And how did this trivial bugzilla not get noticed since August?)
Comment 3 Alasdair Kergon 2010-11-22 16:34:17 EST
Is /etc/lvm being given wrong permissions?  It should be mode 0755 so that lvm.conf is readable.  Looks wrong in the Fedora package I built a few hours ago.
Comment 6 Corey Marthaler 2011-03-11 12:26:43 EST
Although /etc/lvm/lvm.conf is now readable by non root users, they still can not view lvm devices. Also, there shouldn't be any 'dm_task struct' failures, just the " WARNING: Running as a non-root user. Functionality may be unavailable." and the listed volumes.


[testmonkey@taft-02 root]$ lvs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  No volume groups found

[testmonkey@taft-02 root]$ vgs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  No volume groups found

[testmonkey@taft-02 root]$ pvscan
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /var/lock/lvm/P_global:aux: open failed: Permission denied
  Unable to obtain global lock.

[testmonkey@taft-02 root]$ lvscan
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  No volume groups found

[testmonkey@taft-02 root]$ lvcreate
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  striped: Required device-mapper target(s) not detected in your kernel
  Run `lvcreate --help' for more information.
Comment 7 Milan Broz 2011-03-18 07:35:07 EDT
You can see neither PVs (device is not accessible for user access by default) nor LV status (dm-ioctl requires root only, resp CAP_SYSADMIN privilege).

But the repeated warnings are misleading, I posted some patch here
https://www.redhat.com/archives/lvm-devel/2011-March/msg00116.html
Comment 9 Corey Marthaler 2011-03-18 16:00:39 EDT
After talking with devel, non root users are no longer able to view lvm devices, so the following cmds are what's now expected. Marking verified.

[testmonkey@taft-01 root]$ pvscan
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /var/lock/lvm/P_global:aux: open failed: Permission denied
  Unable to obtain global lock.
[testmonkey@taft-01 root]$ pvs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /var/lock/lvm/P_global:aux: open failed: Permission denied
  Unable to obtain global lock.
[testmonkey@taft-01 root]$ lvs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  No volume groups found
Comment 10 errata-xmlrpc 2011-05-19 10:26:21 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0772.html

Note You need to log in before you can comment on or make changes to this bug.