Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

5.99.42/sparc64 - lvm2: permissions for operator use of lvm(8)

Hi folks,

AFAIK, some of the last changes on lvm2 have been in context to give
some sort of read-only access to operators.
By now, there are some minor permission problems, which prevent users in
the operator group to get some (requested) output from lvm(8)

it's mostly around /var/lock, as lvm tries to set locks in /var/lock/lvm

It works as intended, if:
  /var/lock is 0710 and owned by root:operator    (0710 to avoid, that
operator users can lock out root..)
  /var/lock/lvm is 0770 and also owned by root:operator
 /dev/mapper/control is 0660 and also owned by root:operator (it works
also with 0640, but then, an amount of permission denied messages appear

Using this settings, I'm able to view the lvm details like
 pvs/pvdisplay, vgs/vgdisplay, lvs/lvdisplay, but I can't modify things
ie using /(pv|vg|lv)(create|resize|remove)/

There is one minor thing still open - if ie. vgs is issued, it tries to
create an archive entry into /etc/lvm/archive and update
/etc/lvm/backup/<volume group name>, but this should not done anyway by
an operator user. So the permissions in /etc/lvm are fine.

If those backup/archive routines within lvm(8) are not executed for
operator users, the 'Couldn't create temp archive' and 'Backup of volume
metadata' messages would disappear as well


Home | Main Index | Thread Index | Old Index