620571 – non root user can no longer view lvm devices

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 620571 - non root user can no longer view lvm devices

Summary: non root user can no longer view lvm devices

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	lvm2
Sub Component:
Version:	6.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Alasdair Kergon
QA Contact:	Corey Marthaler
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	656394
TreeView+	depends on / blocked

Reported:	2010-08-02 21:21 UTC by Corey Marthaler
Modified:	2011-05-19 14:26 UTC (History)
CC List:	8 users (show)
Fixed In Version:	lvm2-2.02.83-3.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	656394 (view as bug list)
Environment:
Last Closed:	2011-05-19 14:26:21 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:0772	0	normal	SHIPPED_LIVE	lvm2 bug fix and enhancement update	2011-05-18 18:08:31 UTC

Description Corey Marthaler 2010-08-02 21:21:26 UTC

Description of problem:
[testmonkey@taft-02 root]$ lvs
  /etc/lvm/lvm.conf: stat failed: Permission denied

[testmonkey@taft-02 root]$ cat /etc/lvm/lvm.conf
cat: /etc/lvm/lvm.conf: Permission denied

[testmonkey@taft-02 root]$ exit
exit

[root@taft-02 ~]# ls -lrt /etc/lvm/lvm.conf
-rw-r--r--. 1 root root 21640 Aug  2 14:22 /etc/lvm/lvm.conf

There used to be a message when running as non root:
"WARNING: Running as a non-root user. Functionality may be unavailable."

Version-Release number of selected component (if applicable):
2.6.32-52.el6.x86_64

lvm2-2.02.72-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
lvm2-libs-2.02.72-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
lvm2-cluster-2.02.72-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
udev-147-2.21.el6    BUILT: Mon Jul 12 04:55:00 CDT 2010
device-mapper-1.02.53-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-libs-1.02.53-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-event-1.02.53-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-event-libs-1.02.53-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010
cmirror-2.02.72-3.el6    BUILT: Wed Jul 28 15:39:43 CDT 2010


How reproducible:
everytime

Comment 2 Alasdair Kergon 2010-11-22 21:31:11 UTC

So what's going on here?

Are the /etc/lvm directory permissions wrong now?
Or is it selinux?

(And how did this trivial bugzilla not get noticed since August?)

Comment 3 Alasdair Kergon 2010-11-22 21:34:17 UTC

Is /etc/lvm being given wrong permissions?  It should be mode 0755 so that lvm.conf is readable.  Looks wrong in the Fedora package I built a few hours ago.

Comment 6 Corey Marthaler 2011-03-11 17:26:43 UTC

Although /etc/lvm/lvm.conf is now readable by non root users, they still can not view lvm devices. Also, there shouldn't be any 'dm_task struct' failures, just the " WARNING: Running as a non-root user. Functionality may be unavailable." and the listed volumes.


[testmonkey@taft-02 root]$ lvs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  No volume groups found

[testmonkey@taft-02 root]$ vgs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  No volume groups found

[testmonkey@taft-02 root]$ pvscan
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /var/lock/lvm/P_global:aux: open failed: Permission denied
  Unable to obtain global lock.

[testmonkey@taft-02 root]$ lvscan
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  Failed to create dm_task struct to check dev status
  No volume groups found

[testmonkey@taft-02 root]$ lvcreate
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  striped: Required device-mapper target(s) not detected in your kernel
  Run `lvcreate --help' for more information.

Comment 7 Milan Broz 2011-03-18 11:35:07 UTC

You can see neither PVs (device is not accessible for user access by default) nor LV status (dm-ioctl requires root only, resp CAP_SYSADMIN privilege).

But the repeated warnings are misleading, I posted some patch here
https://www.redhat.com/archives/lvm-devel/2011-March/msg00116.html

Comment 9 Corey Marthaler 2011-03-18 20:00:39 UTC

After talking with devel, non root users are no longer able to view lvm devices, so the following cmds are what's now expected. Marking verified.

[testmonkey@taft-01 root]$ pvscan
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /var/lock/lvm/P_global:aux: open failed: Permission denied
  Unable to obtain global lock.
[testmonkey@taft-01 root]$ pvs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /var/lock/lvm/P_global:aux: open failed: Permission denied
  Unable to obtain global lock.
[testmonkey@taft-01 root]$ lvs
  WARNING: Running as a non-root user. Functionality may be unavailable.
  /dev/mapper/control: open failed: Permission denied
  Failure to communicate with kernel device-mapper driver.
  No volume groups found

Comment 10 errata-xmlrpc 2011-05-19 14:26:21 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0772.html

Note You need to log in before you can comment on or make changes to this bug.