Current-Users archive
5.99.42/sparc64 - lvm2: permissions for operator use of lvm(8)
Hi folks,

AFAIK, some of the last changes on lvm2 were made in the context of giving
some sort of read-only access to operators.

By now, there are some minor permission problems, which prevent users in
the operator group from getting some (requested) output from lvm(8).
It's mostly around /var/lock, as lvm tries to set locks in /var/lock/lvm.

It works as intended if:

/var/lock is 0710 and owned by root:operator (0710 to avoid operator
users being able to lock out root)
AND
/var/lock/lvm is 0770 and also owned by root:operator
AND
/dev/mapper/control is 0660 and also owned by root:operator (it also
works with 0640, but then a number of permission denied messages appear
first)

Using these settings, I'm able to view the lvm details with
pvs/pvdisplay, vgs/vgdisplay, lvs/lvdisplay, but I can't modify things,
i.e. using /(pv|vg|lv)(create|resize|remove)/.

There is one minor thing still open: if, i.e., vgs is issued, it tries to
create an archive entry in /etc/lvm/archive and update
/etc/lvm/backup/<volume group name>, but this should not be done anyway by
an operator user. So the permissions in /etc/lvm are fine.

If those backup/archive routines within lvm(8) are not executed for
operator users, the 'Couldn't create temp archive' and 'Backup of volume
metadata' messages would disappear as well.

regards
Martin
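
A check for the permission set described in the message above, as an added example that is not part of the original post or of lvm2. The function names and the ROOT/OWNER/GROUP parameters are hypothetical, and the script assumes the usual `ls -ld` column layout (mode, links, owner, group).

```shell
#!/bin/sh
# Added example, not from the original post: audit the modes and ownership
# the post reports as working for operator read-only use of lvm(8).

# Convert nine `ls -l` permission characters (e.g. rwx--x---) to octal digits.
sym_to_octal() {
    sym=$1 out=""
    for i in 1 4 7; do
        trip=$(printf '%s' "$sym" | cut -c"$i"-"$((i + 2))")
        n=0
        case $trip in r??) n=$((n + 4)) ;; esac
        case $trip in ?w?) n=$((n + 2)) ;; esac
        case $trip in ??x) n=$((n + 1)) ;; esac
        out=$out$n
    done
    printf '%s\n' "$out"
}

# check_path PATH MODE OWNER GROUP: print a verdict, return 0 only on a match.
check_path() {
    path=$1 want="$2 $3:$4"
    line=$(ls -ld "$path" 2>/dev/null) || { echo "MISSING $path"; return 1; }
    set -- $line                        # $1 = mode string, $3 = owner, $4 = group
    sym=$(printf '%s' "$1" | cut -c2-10)
    case $sym in
        *[sStT]*) echo "DIFF $path: special bit set ($sym)"; return 1 ;;
    esac
    have="0$(sym_to_octal "$sym") $3:$4"
    if [ "$have" = "$want" ]; then
        echo "OK   $path ($have)"
    else
        echo "DIFF $path: have $have, want $want"
        return 1
    fi
}

# audit_lvm_operator [ROOT] [OWNER] [GROUP]: the three checks from the post.
# ROOT/OWNER/GROUP are hypothetical parameters so a scratch tree can be tested.
audit_lvm_operator() {
    root=${1:-} owner=${2:-root} group=${3:-operator} rc=0
    check_path "$root/var/lock"           0710 "$owner" "$group" || rc=1
    check_path "$root/var/lock/lvm"       0770 "$owner" "$group" || rc=1
    check_path "$root/dev/mapper/control" 0660 "$owner" "$group" || rc=1
    return "$rc"
}

# Run against the live system only when invoked with --audit.
if [ "${1:-}" = "--audit" ]; then audit_lvm_operator; exit $?; fi
```

A DIFF line on /var/lock with group write set is the case the post's 0710 is meant to rule out.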