On 7/27/05, Sean Dague <sean@xxxxxxxxx> wrote:
> On Tue, Jul 26, 2005 at 10:52:35AM -0400, Andrew Thompson wrote:
> > Sean Dague wrote:
> > >This patch prevents you from getting a screen full of stack trace when
> > >trying to run commands like xm list as a normal user, and instead provides
> > >a
> > >helpful error message.
> > +1, Admirable. (non-binding/non-voter/non-commiter)
> > >Signed-off-by: Sean Dague <sean@xxxxxxxxx>
> > >
> > >Diffstat output:
> > > main.py | 7 +++++++
> > > 1 files changed, 7 insertions(+)
> > >
> > >diff -r 48aed1403fe3 tools/python/xen/xm/main.py
> > >--- a/tools/python/xen/xm/main.py Fri Jul 22 16:44:33 2005
> > >+++ b/tools/python/xen/xm/main.py Tue Jul 26 10:31:24 2005
> > >@@ -11,6 +11,13 @@
> > >
> > > from xen.xend import PrettyPrint
> > > from xen.xend import sxp
> > >+# this is a nasty place to stick this in, but required because
> > >+# log file access is set up via a 5 deep import chain. This
> > >+# ensures the user sees a useful message instead of a stack trace
> > >+if os.getuid() != 0:
> > >+ print "xm requires root access to execute, please try again as root"
> > >+ sys.exit(1)
> > >+
> > > from xen.xend.XendClient import XendError, server
> > > from xen.xend.XendClient import main as xend_client_main
> > > from xen.xm import create, destroy, migrate, shutdown, sysrq
> > Please allow me to show my possible ignorance...
> > Is there no better way to test for elevated privileges?
> > Would it be unreasonable to think xm maintenance tasks could be handed
> > off to members of a non-root group?
> Unfortunately the root problem comes from the fact that xm writes to the
> xend log file directly, and in unprivileged state, throws an exception
> because it doesn't have write access to that file. The 2nd part of this
> problem is that this exception is buried down a whole series of 5 level
> magical import object creation paths, and hence is very hard to reasonably
> get to from the xm main().
yes, most of the problem comes from the fact that most call to
XendRoot.py is to get xend configuations (in xend-config.sxp), but too
bad XendRoot has another function: to open a log file, wich is the job
actually i had a patch to split XendRoot.py (to make a new
XendConfig.py) and convert most call to XendRoot to XendConfig, but
never have a chance to submit it. probably i will give another attempt
Xen-devel mailing list