[ofa-general] [PATCH] infiniband-diags: terminate perl scripts with error if not root
Timothy A. Meier
meier3 at llnl.gov
Fri May 23 08:58:48 PDT 2008
Sasha Khapyorsky wrote:
> On 08:17 Thu 22 May , Hal Rosenstock wrote:
>> On Thu, 2008-05-22 at 08:15 -0700, Timothy A. Meier wrote:
>>> Sasha,
>>>
>>> Trivial patch to enforce root for these perl scripts. More importantly,
>>> doesn't silently fail if not root, and returns an error code.
>> Should these enforce root or be based on udev permissions for umad which
>> default to root ?
>
> I would ask the same question as Hal did.
>
Ok, I understand. I have created another patch with just the auth_check
routine in it.
Following Hals advice, authorization is based on the umad permissions.
> What is wrong with how it works now? On some system access to files could
> be arranged for group members, or ibnetdiscover used as engine for many
> scripts could be su/gid-ed. This will break there.
>
> Sasha
>
The new patch shouldn't break code. I didn't realize/think about non-root
with the original patch. The intent is simply to provide a consistent and
non-silent fail mechanism.
Currently, you can get partial functionality from these scripts (-? for
example). So in that sense, this can change the behavior if the check is used
early in the script (as I did in the original patch). I view most of these
scripts as "all or nothing".
--
Timothy A. Meier
Computer Scientist
ICCD/High Performance Computing
925.422.3341
meier3 at llnl.gov
More information about the general
mailing list