From: Rob M. <rm...@so...> - 2006-11-07 19:21:36

I tried making the smartctl binary in a group a non-root user could access it with, but

hobbit@currant:/root$ /usr/sbin/smartctl -H /dev/sda -d ata
smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

Smartctl open device: /dev/sda failed: Permission denied

no.

I am not entirely sure how I had this working before. I had gotten this script, running as an unpriv'd user, to run the command, and it was successful.
The machine was recently rebooted, and since then the non-root user (hobbit) cannot access the silly thing. What changed on reboot? The issue seems to be not the binary but the drive itself, denying access to non-root users.

As root, the command completes as expected.

currant:~# /usr/sbin/smartctl -H /dev/sda -d ata
smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

Ideas?

Thanks,

--
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com

From: Kyle L. <eth...@gm...> - 2006-11-07 19:25:40

Try making sure that hobbit is a member of the proper group ("disk" on my system) to have read/write/execute to the block device.

~Kyle Lemons

--
~Kyle Lemons
http://www.google.com/ -- Before you ask, search!
http://www.gentoo.org/ -- Feel the power of Freedom
http://www.gnupg.org/ -- Military grade encryption for the masses
http://www.xchat.org/ -- IRC: Industrial Strength Chatting

From: Rob M. <rm...@so...> - 2006-11-07 19:33:44

Kyle Lemons wrote:
> Try making sure that hobbit is a member of the proper group ("disk" on
> my system) to have read/write/execute to the block device.

Thanks, I'll check that out. Any guesses on how this was working before reboot? I installed smartmontools, made my script, fired it up, and hobbit ran the command successfully. Very odd.

--
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com

From: Rob M. <rm...@so...> - 2006-11-07 19:39:20

Rob Munsch wrote:
> Kyle Lemons wrote:
>> Try making sure that hobbit is a member of the proper group ("disk" on
>> my system) to have read/write/execute to the block device.
>
> Thanks, I'll check that out.

Oddly, doing that results in this:

hobbit@currant:~$ /usr/sbin/smartctl -H /dev/sda -d ata
smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

Smartctl: Device Read Identity Failed (not an ATA/ATAPI device)

A mandatory SMART command failed: exiting. To continue, add one or more
'-T permissive' options.

Now I'm confused. Just when I thought I was getting the idea, too...

--
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com

From: Sergey V. <vs...@al...> - 2006-11-08 13:10:38

On Tue, 07 Nov 2006 14:39:07 -0500 Rob Munsch wrote:

> Rob Munsch wrote:
> > Kyle Lemons wrote:
> >> Try making sure that hobbit is a member of the proper group ("disk" on
> >> my system) to have read/write/execute to the block device.
> >
> > Thanks, I'll check that out.
>
> Oddly, doing that results in this:
>
> hobbit@currant:~$ /usr/sbin/smartctl -H /dev/sda -d ata
> smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
> Home page is http://smartmontools.sourceforge.net/
>
> Smartctl: Device Read Identity Failed (not an ATA/ATAPI device)
>
> A mandatory SMART command failed: exiting. To continue, add one or more
> '-T permissive' options.

The problem is that the ioctl operations that smartctl needs to use (e.g., HDIO_DRIVE_TASKFILE) have additional permission checks inside the kernel (CAP_SYS_ADMIN or CAP_SYS_RAWIO capabilities are needed). This is due to the fact that these operations are even more dangerous than access to raw data (some commands can even make the drive unusable, e.g., by setting an ATA password, or even erasing the drive firmware).

One possible solution is invoking smartctl through sudo - this way smartctl will have full root privileges.

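Added example, not part of the original thread and not smartmontools code: a wrapper for the monitoring user that runs the thread's smartctl command through sudo and tells apart the two failures seen above (the device node refusing the open versus the kernel's capability check on the ioctl). The sudoers rule in the comment, the function names and the status words are assumptions of this example; the sample outputs are copied from the messages above except where marked as constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed sudoers rule, edited with
# visudo, that lets hobbit run only this exact command line as root:
#   hobbit ALL=(root) NOPASSWD: /usr/sbin/smartctl -H /dev/sda -d ata

# Sample outputs copied from the messages above; SAMPLE_FAIL is constructed.
SAMPLE_EACCES='Smartctl open device: /dev/sda failed: Permission denied'
SAMPLE_IDENT='Smartctl: Device Read Identity Failed (not an ATA/ATAPI device)'
SAMPLE_OK='=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED'
SAMPLE_FAIL='SMART overall-health self-assessment test result: FAILED!'

# classify_smartctl: read `smartctl -H` output on stdin, print a status word.
classify_smartctl() {
    out=$(cat)
    case $out in
        *"test result: PASSED"*)
            echo ok ;;
        *"open device:"*"Permission denied"*)
            # open() on the device node was refused: file mode or group.
            echo no-device-access ;;
        *"Device Read Identity Failed"*)
            # The node opened but the ATA ioctl failed. For a non-root
            # caller in the disk group this is the kernel capability check
            # (CAP_SYS_ADMIN / CAP_SYS_RAWIO) described above.
            echo identify-failed ;;
        *"test result:"*)
            echo failing ;;
        *)
            echo unknown ;;
    esac
}

# check_disk: what the monitoring script calls. sudo -n never prompts, so a
# missing sudoers rule shows up as "unknown" instead of hanging the monitor.
check_disk() {
    sudo -n /usr/sbin/smartctl -H /dev/sda -d ata 2>&1 | classify_smartctl
}

# Run the real check only when asked: sh smart_check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_disk
fi
```

Listing the full argument string in the sudoers rule means any other smartctl invocation by hobbit is refused, so the monitoring account does not gain the drive-modifying commands mentioned above.
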
From: Rob M. <rm...@so...> - 2006-11-08 15:38:09

Sergey Vlasov wrote:
> One possible solution is invoking smartctl through sudo - this way
> smartctl will have full root privileges.

I did just that. All now works, thank you all.

Side note: my logs are now filling with

kernel: program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO

at Warning level. How can I make this stop? :(

--
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com

From: Bernd M. <melchers@CIS.FU-Berlin.DE> - 2006-11-08 15:48:44

> >> hobbit@currant:~$ /usr/sbin/smartctl -H /dev/sda -d ata
> >> smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
>
> Side note: my logs are now filling with
> kernel: program smartctl is using a deprecated SCSI ioctl, please
> convert it to SG_IO
>
> at Warning level. How can I make this stop? :(

Please use an actual version of smartmontools. 5.32 is long outdated...

With kind regards,
Bernd Melchers

--
Archive and Backup Service | fab...@ze...
Freie Universität Berlin | Tel. (030) 838-55905 and -56066

From: Bruce A. <ba...@gr...> - 2006-11-08 15:45:09

>> One possible solution is invoking smartctl through sudo - this way
>> smartctl will have full root privileges.
>
> I did just that. All now works, thank you all.
>
> Side note: my logs are now filling with
> kernel: program smartctl is using a deprecated SCSI ioctl, please
> convert it to SG_IO
>
> at Warning level. How can I make this stop? :(

Try building the latest version of smartmontools from CVS. The posted 5.36 version might also have this fixed.

Cheers,
Bruce

From: Rob M. <rm...@so...> - 2006-11-08 16:12:46

Bruce Allen wrote:
> Try building the latest version of smartmontools from CVS. The posted
> 5.36 version might also have this fixed.

Aptitude claims to have installed 5.36. Thanks to all who mailed me about the version number; I'm going to ask the package maintainer what's up.

--
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com

From: Bruce A. <ba...@gr...> - 2006-11-08 16:51:09

>> Try building the latest version of smartmontools from CVS. The posted
>> 5.36 version might also have this fixed.
>
> Aptitude claims to have installed 5.36. Thanks to all who mailed me
> about the version number; I'm going to ask the package maintainer what's up.

Use 'smartctl -V' to get full versioning information.

Cheers,
Bruce

From: Rob M. <rm...@so...> - 2006-11-08 17:05:11

Bruce Allen wrote:
> Use 'smartctl -V' to get full versioning information.

smartmontools release 5.32 dated 2004/07/05 at 08:10:26 UTC

Bizarre. I think I know why the maintainer has not upgraded it, however (though I may have a word with him about calling it the wrong version):

Unpacking smartmontools (from smartmontools_5.36-8_i386.deb) ...
dpkg: dependency problems prevent configuration of smartmontools:
smartmontools depends on libc6 (>= 2.3.6-6); however:
Version of libc6 on system is 2.3.2.ds1-22sarge4.

This is a production system. libc6 of the required version is still in unstable. I'm not sure bringing it up to unstable is the best idea...

--
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com