Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: 5.99.42/sparc64 - lvm2: permissions for operator use of lvm(8)
On Dec,Thursday 30 2010, at 10:47 AM, Martin Mersberger wrote:
> Hi folks,
>
> AFAIK, some of the last changes on lvm2 have been in context to give
> some sort of read-only access to operators.
> By now, there are some minor permission problems, which prevent users in
> the operator group to get some (requested) output from lvm(8)
>
> it's mostly around /var/lock, as lvm tries to set locks in /var/lock/lvm
>
> It works as intended, if:
> /var/lock is 0710 and owned by root:operator (0710 to avoid, that
> operator users can lock out root..)
> AND
> /var/lock/lvm is 0770 and also owned by root:operator
> AND
> /dev/mapper/control is 0660 and also owned by root:operator (it works
> also with 0640, but then, an amount of permission denied messages appear
> before)
Work around can be use --ignorelockingfailure flag for lvm tools
lvm lvs --ignorelockingfailure
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
devel vgdata -wi-a- 150.00g
srv vgdata -wi-a- 10.00g
This needs little bit more discussion lets wait for others what they thing.
>
>
> Using this settings, I'm able to view the lvm details like
> pvs/pvdisplay, vgs/vgdisplay, lvs/lvdisplay, but I can't modify things
> ie using /(pv|vg|lv)(create|resize|remove)/
That's fine.
>
> There is one minor thing still open - if ie. vgs is issued, it tries to
> create an archive entry into /etc/lvm/archive and update
> /etc/lvm/backup/<volume group name>, but this should not done anyway by
> an operator user. So the permissions in /etc/lvm are fine.
>
> If those backup/archive routines within lvm(8) are not executed for
> operator users, the 'Couldn't create temp archive' and 'Backup of volume
> metadata' messages would disappear as well
I'm not sure what was historical behavior but to me it looks like operator
should be able to create backup of lvm configuration.
Regards
Adam.
Home |
Main Index |
Thread Index |
Old Index