[Users] /dev/.../umad permissions
John Valdes
valdes at anl.gov
Wed Feb 27 15:30:55 PST 2013
All,
On most (all?) linux distros, the UMAD device, eg, /dev/infiniband/umad0,
is readable and writable only by root:
crw------- 1 root root 231, 0 Feb 12 17:50 /dev/infiniband/umad0
Being writable only by root is probably a good thing (as otherwise
anyone who could write to it could change IB port states and speeds,
and probably do even worse things, on the IB fabric), but what are the
security implications of making the umad device readable by non-root
users?
The context is that I'd like to have a non-root user be able to query
port stats (specifically, have a non-privileged ganglia user be able
to use perfquery to read counters), but that would require that umad
be readable by that user. I have a couple of alternate approaches I
can use if making umad readable by others is a bad idea, but since
making umad non-root readable would be the simplest approach, I'm
curious to know the security implications before actually making it
so.
John
----------------------------------------------------------------------
John Valdes Mathematics and Computer Science Division
valdes at anl.gov Argonne National Laboratory
More information about the Users
mailing list