[Users] /dev/.../umad permissions
Ira Weiny
weiny2 at llnl.gov
Wed Feb 27 16:14:46 PST 2013
On Wed, 27 Feb 2013 17:30:55 -0600
John Valdes <valdes at anl.gov> wrote:
> All,
>
> On most (all?) linux distros, the UMAD device, eg, /dev/infiniband/umad0,
> is readable and writable only by root:
>
> crw------- 1 root root 231, 0 Feb 12 17:50 /dev/infiniband/umad0
>
> Being writable only by root is probably a good thing (as otherwise
> anyone who could write to it could change IB port states and speeds,
> and probably do even worse things, on the IB fabric), but what are the
> security implications of making the umad device readable by non-root
> users?
>
> The context is that I'd like to have a non-root user be able to query
> port stats (specifically, have a non-privileged ganglia user be able
> to use perfquery to read counters), but that would require that umad
> be readable by that user. I have a couple of alternate approaches I
> can use if making umad readable by others is a bad idea, but since
> making umad non-root readable would be the simplest approach, I'm
> curious to know the security implications before actually making it
> so.
>
The problem with this approach is that perfquery, ibqueryerrors must also write to the umad device to send the Get() MAD's. This is true with most of the diags out there.
Another option would be to look into the performance manager within OpenSM. With a lot of luck it will soon be able to query PortCountersExtended and be able to give accurate data counters! :-D
Ira
> John
>
> ----------------------------------------------------------------------
> John Valdes Mathematics and Computer Science Division
> valdes at anl.gov Argonne National Laboratory
> _______________________________________________
> Users mailing list
> Users at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/users
--
Ira Weiny
Member of Technical Staff
Lawrence Livermore National Lab
925-423-8008
weiny2 at llnl.gov
More information about the Users
mailing list