Setting privileges on LVM partitions

To isolate access, we need to change the default privileges (root:disk 0660) on certain partitions, or more precisely on the logical volumes of a particular volume group.

Members of the group grp01 need to get read/write access to /dev/vg01/part2.

First, let's see what /dev/vg01/part2 actually is:

zsteva@debian:~$ ls -la /dev/vg01/part2 
lrwxrwxrwx 1 root root 7 Sep 16 21:06 /dev/vg01/part2 -> ../dm-4

As you can see, it is a symbolic link to /dev/dm-4.

zsteva@debian:~$ ls -la /dev/dm-4             
brw-rw---- 1 root disk 253, 4 Sep 16 21:06 /dev/dm-4

And /dev/dm-4 is a block device with major and minor numbers 253, 4.

Debugging the udev system, which creates the symbolic links and sets the privileges:

zsteva@debian:~$ sudo udevadm test /sys/dev/block/253\:4
run_command: calling: test
udevadm_test: version 164
This program is for debugging only, it does not run any program,
specified by a RUN key. It may show incorrect results, because
some values may be different, or not available at a simulation run.

parse_file: reading '/lib/udev/rules.d/50-udev-default.rules' as rules file
parse_file: reading '/lib/udev/rules.d/55-dm.rules' as rules file
add_rule: NAME="" is ignored, because udev will not delete any device nodes, please remove it from /lib/udev/rules.d/55-dm.rules:57
parse_file: reading '/lib/udev/rules.d/56-lvm.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-gnupg.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-kpartx.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-persistent-alsa.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-persistent-input.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-persistent-serial.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-persistent-storage-dm.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-persistent-storage-lvm.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-persistent-storage-tape.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-persistent-storage.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-persistent-v4l.rules' as rules file
parse_file: reading '/lib/udev/rules.d/60-qemu-system.rules' as rules file
parse_file: reading '/dev/.udev/rules.d/61-dev-root-link.rules' as rules file
parse_file: reading '/lib/udev/rules.d/61-mobile-action.rules' as rules file
parse_file: reading '/lib/udev/rules.d/64-md-raid.rules' as rules file
parse_file: reading '/lib/udev/rules.d/70-acl.rules' as rules file
parse_file: reading '/lib/udev/rules.d/70-hid2hci.rules' as rules file
parse_file: reading '/etc/udev/rules.d/70-persistent-net.rules' as rules file
parse_file: reading '/lib/udev/rules.d/75-cd-aliases-generator.rules' as rules file
parse_file: reading '/lib/udev/rules.d/75-net-description.rules' as rules file
parse_file: reading '/lib/udev/rules.d/75-persistent-net-generator.rules' as rules file
parse_file: reading '/lib/udev/rules.d/75-probe_mtd.rules' as rules file
parse_file: reading '/lib/udev/rules.d/75-tty-description.rules' as rules file
parse_file: reading '/lib/udev/rules.d/78-sound-card.rules' as rules file
parse_file: reading '/lib/udev/rules.d/79-fstab_import.rules' as rules file
parse_file: reading '/lib/udev/rules.d/80-drivers.rules' as rules file
parse_file: reading '/lib/udev/rules.d/85-hwclock.rules' as rules file
parse_file: reading '/lib/udev/rules.d/91-permissions.rules' as rules file
parse_file: reading '/lib/udev/rules.d/95-keyboard-force-release.rules' as rules file
parse_file: reading '/lib/udev/rules.d/95-keymap.rules' as rules file
parse_file: reading '/etc/udev/rules.d/95-my-lvm-perm.rules' as rules file
parse_file: reading '/lib/udev/rules.d/xen-backend.rules' as rules file
parse_file: reading '/lib/udev/rules.d/xend.rules' as rules file
udev_rules_new: rules use 27684 bytes tokens (2307 * 12 bytes), 17161 bytes buffer
udev_rules_new: temporary index used 18400 bytes (920 * 20 bytes)
udev_device_new_from_syspath: device 0x7fafd268dcc0 has devpath '/devices/virtual/block/dm-4'
udev_device_new_from_syspath: device 0x7fafd26761b0 has devpath '/devices/virtual/block/dm-4'
udev_device_read_db: device 0x7fafd26761b0 filled with db file data
udev_rules_apply_to_event: LINK 'block/253:4' /lib/udev/rules.d/50-udev-default.rules:1
udev_rules_apply_to_event: IMPORT 'dmsetup_env 253 4' /lib/udev/rules.d/60-kpartx.rules:12
util_run_program: 'dmsetup_env 253 4' started
util_run_program: '/lib/udev/dmsetup_env' (stdout) 'DM_UUID=LVM-lbhVtg7GsJChHSDJHYfbyX2XFwCtQTWei8AKiKZkjn1eHleETADez0k9ff1Kp9oV'
util_run_program: '/lib/udev/dmsetup_env' (stdout) 'DM_TABLE_STATE=LIVE'
util_run_program: '/lib/udev/dmsetup_env' (stdout) 'DM_STATE=ACTIVE'
util_run_program: '/lib/udev/dmsetup_env' (stdout) 'DM_NAME=vg01-part2'
util_run_program: 'dmsetup_env 253 4' returned with exitcode 0
udev_rules_apply_to_event: IMPORT 'kpartx_id 253 4 LVM-lbhVtg7GsJChHSDJHYfbyX2XFwCtQTWei8AKiKZkjn1eHleETADez0k9ff1Kp9oV' /lib/udev/rules.d/60-kpartx.rules:16
util_run_program: 'kpartx_id 253 4 LVM-lbhVtg7GsJChHSDJHYfbyX2XFwCtQTWei8AKiKZkjn1eHleETADez0k9ff1Kp9oV' started
util_run_program: '/lib/udev/kpartx_id' (stdout) 'DM_TYPE=raid'
util_run_program: 'kpartx_id 253 4 LVM-lbhVtg7GsJChHSDJHYfbyX2XFwCtQTWei8AKiKZkjn1eHleETADez0k9ff1Kp9oV' returned with exitcode 0
udev_rules_apply_to_event: GROUP 6 /lib/udev/rules.d/91-permissions.rules:4
udev_event_execute_rules: no node name set, will use kernel supplied name 'dm-4'
udev_device_update_db: created db file for '/devices/virtual/block/dm-4' in '/dev/.udev/db/block:dm-4'
udev_node_update_old_links: update old name, '/dev/mapper/vg01-part2' no longer belonging to '/devices/virtual/block/dm-4'
link_update: no reference left, remove '/dev/mapper/vg01-part2'
udev_node_update_old_links: update old name, '/dev/disk/by-id/dm-name-vg01-part2' no longer belonging to '/devices/virtual/block/dm-4'
link_update: no reference left, remove '/dev/disk/by-id/dm-name-vg01-part2'
udev_node_update_old_links: update old name, '/dev/disk/by-id/dm-uuid-LVM-lbhVtg7GsJChHSDJHYfbyX2XFwCtQTWei8AKiKZkjn1eHleETADez0k9ff1Kp9oV' no longer belonging to '/devices/virtual/block/dm-4'
link_update: no reference left, remove '/dev/disk/by-id/dm-uuid-LVM-lbhVtg7GsJChHSDJHYfbyX2XFwCtQTWei8AKiKZkjn1eHleETADez0k9ff1Kp9oV'
udev_node_update_old_links: update old name, '/dev/vg01/part2' no longer belonging to '/devices/virtual/block/dm-4'
link_update: no reference left, remove '/dev/vg01/part2'
udev_node_add: creating device node '/dev/dm-4', devnum=253:4, mode=0660, uid=0, gid=6
udev_node_mknod: preserve file '/dev/dm-4', because it has correct dev_t
udev_node_mknod: preserve permissions /dev/dm-4, 060660, uid=0, gid=6
node_symlink: preserve already existing symlink '/dev/block/253:4' to '../dm-4'
udevadm_test: UDEV_LOG=6
udevadm_test: DEVPATH=/devices/virtual/block/dm-4
udevadm_test: MAJOR=253
udevadm_test: MINOR=4
udevadm_test: DEVNAME=/dev/dm-4
udevadm_test: DEVTYPE=disk
udevadm_test: ACTION=add
udevadm_test: SUBSYSTEM=block
udevadm_test: DEVLINKS=/dev/block/253:4
udevadm_test: DM_UUID=LVM-lbhVtg7GsJChHSDJHYfbyX2XFwCtQTWei8AKiKZkjn1eHleETADez0k9ff1Kp9oV
udevadm_test: DM_TABLE_STATE=LIVE
udevadm_test: DM_STATE=ACTIVE
udevadm_test: DM_NAME=vg01-part2
udevadm_test: DM_TYPE=raid

A lot can be seen in this output, but what interests us is DM_NAME=vg01-part2. By creating the file /etc/udev/rules.d/95-my-lvm-perm.rules with the following content, we assign a different group to the selected device:

ENV{DM_NAME}=="vg01-part2", GROUP="grp01"

The effect can be seen immediately by running the command sudo udevadm trigger.
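
To confirm that the new rule is the one that decides the group, and that the node ended up with the intended access, the debug output and the device node can be checked with a few shell functions. This is an added example, not part of the original post: the function names, the gid 1001 and the 95-my-lvm-perm.rules:1 line in the sample are assumptions, and the parser expects the udev 164 line format shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the udev 164
# `udevadm test` line format shown above and a `stat` that supports -c.

# perm_trace: read `udevadm test` output on stdin; print each
# OWNER/GROUP/MODE assignment with the rule file:line that made it,
# then the resulting device-node line.
perm_trace() {
    awk -v q="'" '
    /udev_rules_apply_to_event: (OWNER|GROUP|MODE) / { print $2, $3, $4 }
    /udev_node_add: creating device node/ {
        gsub("[" q ",]", "")          # drop quotes and commas
        print "NODE", $5, $7, $8, $9
    }'
}

# winning_rule KEY: rule file:line of the last assignment of KEY
# (rules files are read in order, so 95-* is applied after 91-*).
winning_rule() {
    perm_trace | awk -v k="$1" '$1 == k { r = $3 } END { print r }'
}

# node_ok LINK GROUP: follow the LV symlink to the dm-N node and require
# group GROUP with mode 660 (no access for "other").
node_ok() {
    node=$(readlink -f "$1") || return 2
    actual=$(stat -c '%G %a' "$node") || return 2
    [ "$actual" = "$2 660" ]
}

# Constructed sample: the first line is from the output above; the gid 1001
# and the 95-my-lvm-perm.rules:1 line are made up for illustration.
sample_trace() {
    cat <<'EOF'
udev_rules_apply_to_event: GROUP 6 /lib/udev/rules.d/91-permissions.rules:4
udev_rules_apply_to_event: GROUP 1001 /etc/udev/rules.d/95-my-lvm-perm.rules:1
udev_node_add: creating device node '/dev/dm-4', devnum=253:4, mode=0660, uid=0, gid=1001
EOF
}

sample_trace | perm_trace
```

On the real system, feed it the live output with sudo udevadm test /sys/dev/block/253\:4 2>&1 | winning_rule GROUP, then run node_ok /dev/vg01/part2 grp01 after the trigger.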
