WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Re: [PATCH] provide real error message when trying to ru

from [aq] [Permanent Link][Original]
To: Andrew Thompson <andrewkt@xxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Re: [PATCH] provide real error message when trying to run xm as non root
From: aq <aquynh@xxxxxxxxx>
Date: Wed, 27 Jul 2005 00:35:57 +0900
Delivery-date: Tue, 26 Jul 2005 15:34:29 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=JV8AShHSCxGpEtyxijz1mAfad6hqljcR+WTNacgG9jungO1NtF3EEQNSTo3nI22EqRTTHnx7/T4LyPdiBDnohyFYjGrlvjtkUv29mPgkX+FIQL+kpOQRuQp/cB9HskHiYTnxzRxzFnMiSaEVNGRAiJk+TQ8ejtVlfIPrFNsgf48=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20050726150952.GA21174@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20050726144156.GA22926@xxxxxxxxxxxxxxxxxxx> <42E64E33.5030507@xxxxxxxxxxx> <20050726150952.GA21174@xxxxxxxxxxxxxxxxxxx>
Reply-to: aq <aquynh@xxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
On 7/27/05, Sean Dague <sean@xxxxxxxxx> wrote:
> On Tue, Jul 26, 2005 at 10:52:35AM -0400, Andrew Thompson wrote:
> > Sean Dague wrote:
> > >This patch prevents you from getting a screen full of stack trace when
> > >trying to run commands like xm list as a normal user, and instead provides
> > >a
> > >helpful error message.
> >
> > +1, Admirable. (non-binding/non-voter/non-commiter)
> >
> > >Signed-off-by: Sean Dague <sean@xxxxxxxxx>
> > >
> > >Diffstat output:
> > > main.py |    7 +++++++
> > > 1 files changed, 7 insertions(+)
> > >
> > >diff -r 48aed1403fe3 tools/python/xen/xm/main.py
> > >--- a/tools/python/xen/xm/main.py    Fri Jul 22 16:44:33 2005
> > >+++ b/tools/python/xen/xm/main.py    Tue Jul 26 10:31:24 2005
> > >@@ -11,6 +11,13 @@
> > >
> > > from xen.xend import PrettyPrint
> > > from xen.xend import sxp
> > >+# this is a nasty place to stick this in, but required because
> > >+# log file access is set up via a 5 deep import chain.  This
> > >+# ensures the user sees a useful message instead of a stack trace
> > >+if os.getuid() != 0:
> > >+    print "xm requires root access to execute, please try again as root"
> > >+    sys.exit(1)
> > >+
> > > from xen.xend.XendClient import XendError, server
> > > from xen.xend.XendClient import main as xend_client_main
> > > from xen.xm import create, destroy, migrate, shutdown, sysrq
> >
> > Please allow me to show my possible ignorance...
> >
> > Is there no better way to test for elevated privileges?
> > Would it be unreasonable to think xm maintenance tasks could be handed
> > off to members of a non-root group?
> 
> Unfortunately the root problem comes from the fact that xm writes to the
> xend log file directly, and in unprivileged state, throws an exception
> because it doesn't have write access to that file.  The 2nd part of this
> problem is that this exception is buried down a whole series of 5 level
> magical import object creation paths, and hence is very hard to reasonably
> get to from the xm main().
> 

yes, most of the problem comes from the fact that most call to
XendRoot.py is to get xend configuations (in xend-config.sxp), but too
bad XendRoot has another function: to open a log file, wich is the job
of root.

actually i had a patch to split XendRoot.py (to make a new
XendConfig.py) and convert most call to XendRoot to XendConfig, but
never have a chance to submit it. probably i will give another attempt
this weekend.


regards,
aq

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: [PATCH] provide real error message when trying to run xm as non root, Sean Dague
Next by Date:  [Xen-devel] [PATCH] Cleanup empy domain if memory reservation fails, Anthony Liguori
Previous by Thread:  [Xen-devel] Re: [PATCH] provide real error message when trying to run xm as non root, Sean Dague
Next by Thread:  [Xen-devel] [PATCH] Cleanup empy domain if memory reservation fails, Anthony Liguori
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy