[Users] /dev/.../umad permissions

John Valdes valdes at anl.gov
Wed Feb 27 15:30:55 PST 2013


All,

On most (all?) linux distros, the UMAD device, eg, /dev/infiniband/umad0,
is readable and writable only by root:

  crw------- 1 root root 231, 0 Feb 12 17:50 /dev/infiniband/umad0

Being writable only by root is probably a good thing (as otherwise
anyone who could write to it could change IB port states and speeds,
and probably do even worse things, on the IB fabric), but what are the
security implications of making the umad device readable by non-root
users?

The context is that I'd like to have a non-root user be able to query
port stats (specifically, have a non-privileged ganglia user be able
to use perfquery to read counters), but that would require that umad
be readable by that user.  I have a couple of alternate approaches I
can use if making umad readable by others is a bad idea, but since
making umad non-root readable would be the simplest approach, I'm
curious to know the security implications before actually making it
so.

John

----------------------------------------------------------------------
John Valdes                  Mathematics and Computer Science Division
valdes at anl.gov                             Argonne National Laboratory



More information about the Users mailing list