[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Re: [PATCH] provide real error message when trying to run xm as non root

  • To: Andrew Thompson <andrewkt@xxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: aq <aquynh@xxxxxxxxx>
  • Date: Wed, 27 Jul 2005 00:35:57 +0900
  • Delivery-date: Tue, 26 Jul 2005 15:34:29 +0000
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=JV8AShHSCxGpEtyxijz1mAfad6hqljcR+WTNacgG9jungO1NtF3EEQNSTo3nI22EqRTTHnx7/T4LyPdiBDnohyFYjGrlvjtkUv29mPgkX+FIQL+kpOQRuQp/cB9HskHiYTnxzRxzFnMiSaEVNGRAiJk+TQ8ejtVlfIPrFNsgf48=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
On 7/27/05, Sean Dague <sean@xxxxxxxxx> wrote:
> On Tue, Jul 26, 2005 at 10:52:35AM -0400, Andrew Thompson wrote:
> > Sean Dague wrote:
> > >This patch prevents you from getting a screen full of stack trace when
> > >trying to run commands like xm list as a normal user, and instead provides
> > >a
> > >helpful error message.
> >
> > +1, Admirable. (non-binding/non-voter/non-commiter)
> >
> > >Signed-off-by: Sean Dague <sean@xxxxxxxxx>
> > >
> > >Diffstat output:
> > > main.py |    7 +++++++
> > > 1 files changed, 7 insertions(+)
> > >
> > >diff -r 48aed1403fe3 tools/python/xen/xm/main.py
> > >--- a/tools/python/xen/xm/main.py    Fri Jul 22 16:44:33 2005
> > >+++ b/tools/python/xen/xm/main.py    Tue Jul 26 10:31:24 2005
> > >@@ -11,6 +11,13 @@
> > >
> > > from xen.xend import PrettyPrint
> > > from xen.xend import sxp
> > >+# this is a nasty place to stick this in, but required because
> > >+# log file access is set up via a 5 deep import chain.  This
> > >+# ensures the user sees a useful message instead of a stack trace
> > >+if os.getuid() != 0:
> > >+    print "xm requires root access to execute, please try again as root"
> > >+    sys.exit(1)
> > >+
> > > from xen.xend.XendClient import XendError, server
> > > from xen.xend.XendClient import main as xend_client_main
> > > from xen.xm import create, destroy, migrate, shutdown, sysrq
> >
> > Please allow me to show my possible ignorance...
> >
> > Is there no better way to test for elevated privileges?
> > Would it be unreasonable to think xm maintenance tasks could be handed
> > off to members of a non-root group?
> 
> Unfortunately the root problem comes from the fact that xm writes to the
> xend log file directly, and in unprivileged state, throws an exception
> because it doesn't have write access to that file.  The 2nd part of this
> problem is that this exception is buried down a whole series of 5 level
> magical import object creation paths, and hence is very hard to reasonably
> get to from the xm main().
> 

yes, most of the problem comes from the fact that most call to
XendRoot.py is to get xend configuations (in xend-config.sxp), but too
bad XendRoot has another function: to open a log file, wich is the job
of root.

actually i had a patch to split XendRoot.py (to make a new
XendConfig.py) and convert most call to XendRoot to XendConfig, but
never have a chance to submit it. probably i will give another attempt
this weekend.


regards,
aq

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.