* Re: mdadm --monitor as non-root ?
[not found] <20111222132815.GA26042@rivendell.home.ouaza.com>
@ 2011-12-22 20:55 ` NeilBrown
0 siblings, 0 replies; only message in thread
From: NeilBrown @ 2011-12-22 20:55 UTC (permalink / raw)
To: Raphael Hertzog, linux-raid
[-- Attachment #1: Type: text/plain, Size: 3232 bytes --]
On Thu, 22 Dec 2011 14:28:15 +0100 Raphael Hertzog <hertzog@debian.org> wrote:
> Hello,
>
> I'm interested in having desktop notifications for change in the status
> of my RAID devices and I saw your comment here:
> http://neil.brown.name/blog/20090129234603-021
>
> Unfortunately that doesn't work well in practice. The monitoring program
> must be run from the user's session and apparently mdadm --monitor
> only works as root:
> $ mdadm --monitor --no-sharing --alert notify-send
> mdadm: must be super-user to perform this action
>
> Is there a way to let mdadm do the monitoring for us without requiring
> root rights?
That is reasonable. The next release of mdadm (later today) will not impose
that limitation - patch below.
Unfortunately the kernel does impose a limitation. I'll fix it for 3.3, but
until then you will need to apply the second patch below.
>
> Cheers,
>
> PS: Is there a better place for this kind of feature requests ? Feel
> free to forward this mail to record it there (should it exist).
Best place is linux-raid@vger.kernel.org (you don't need to subscribe). I've
Cced this reply there.
Thanks,
NeilBrown
From ba3903d416524e0fb002eca971ce6026e5f2c3af Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Fri, 23 Dec 2011 07:42:23 +1100
Subject: [PATCH] allow --monitor to be run by non-privileged use.
Providing --no-sharing is given, monitoring should be permitted.
Unfortunately the kernel current rejects GET_DISK_INFO and
GET_ARRAY_INFO for non-privileged users which is unjustified.
The info is available in sysfs and we could get it from there,
but for now, require the kernel to be fixed.
Reported-by: Raphael Hertzog <hertzog@debian.org>
Signed-off-by: NeilBrown <neilb@suse.de>
diff --git a/mdadm.c b/mdadm.c
index c6a887a..f07fac2 100644
--- a/mdadm.c
+++ b/mdadm.c
@@ -1209,7 +1209,8 @@ int main(int argc, char *argv[])
require_homehost = 0;
}
- if ((mode != MISC || devmode != 'E') &&
+ if (!((mode == MISC && devmode == 'E')
+ || (mode == MONITOR && spare_sharing == 0)) &&
geteuid() != 0) {
fprintf(stderr, Name ": must be super-user to perform this action\n");
exit(1);
From b56ca899650a7ad4f40b2986086f411286e90c4a Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Fri, 23 Dec 2011 07:46:36 +1100
Subject: [PATCH] md: allow non-privileged uses to GET_*_INFO about raid
arrays.
The info is already available in /proc/mdstat and /sys/block in
an accessible form so there is no point in putting a road-block in
the ioctl for information gathering.
Signed-off-by: NeilBrown <neilb@suse.de>
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 9dfa2d1..87022b5 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -6129,8 +6129,15 @@ static int md_ioctl(struct block_device *bdev, fmode_t mode,
struct mddev *mddev = NULL;
int ro;
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
+ switch (cmd) {
+ case RAID_VERSION:
+ case GET_ARRAY_INFO:
+ case GET_DISK_INFO:
+ break;
+ default:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EACCES;
+ }
/*
* Commands dealing with the RAID driver but not any
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2011-12-22 20:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20111222132815.GA26042@rivendell.home.ouaza.com>
2011-12-22 20:55 ` mdadm --monitor as non-root ? NeilBrown
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.