On Thu, 22 Dec 2011 14:28:15 +0100 Raphael Hertzog <hertzog@xxxxxxxxxx> wrote: > Hello, > > I'm interested in having desktop notifications for change in the status > of my RAID devices and I saw your comment here: > http://neil.brown.name/blog/20090129234603-021 > > Unfortunately that doesn't work well in practice. The monitoring program > must be run from the user's session and apparently mdadm --monitor > only works as root: > $ mdadm --monitor --no-sharing --alert notify-send > mdadm: must be super-user to perform this action > > Is there a way to let mdadm do the monitoring for us without requiring > root rights? That is reasonable. The next release of mdadm (later today) will not impose that limitation - patch below. Unfortunately the kernel does impose a limitation. I'll fix it for 3.3, but until then you will need to apply the second patch below. > > Cheers, > > PS: Is there a better place for this kind of feature requests ? Feel > free to forward this mail to record it there (should it exist). Best place is linux-raid@xxxxxxxxxxxxxxx (you don't need to subscribe). I've Cced this reply there. Thanks, NeilBrown From ba3903d416524e0fb002eca971ce6026e5f2c3af Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb@xxxxxxx> Date: Fri, 23 Dec 2011 07:42:23 +1100 Subject: [PATCH] allow --monitor to be run by non-privileged use. Providing --no-sharing is given, monitoring should be permitted. Unfortunately the kernel current rejects GET_DISK_INFO and GET_ARRAY_INFO for non-privileged users which is unjustified. The info is available in sysfs and we could get it from there, but for now, require the kernel to be fixed. Reported-by: Raphael Hertzog <hertzog@xxxxxxxxxx> Signed-off-by: NeilBrown <neilb@xxxxxxx> diff --git a/mdadm.c b/mdadm.c index c6a887a..f07fac2 100644 --- a/mdadm.c +++ b/mdadm.c @@ -1209,7 +1209,8 @@ int main(int argc, char *argv[]) require_homehost = 0; } - if ((mode != MISC || devmode != 'E') && + if (!((mode == MISC && devmode == 'E') + || (mode == MONITOR && spare_sharing == 0)) && geteuid() != 0) { fprintf(stderr, Name ": must be super-user to perform this action\n"); exit(1); From b56ca899650a7ad4f40b2986086f411286e90c4a Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb@xxxxxxx> Date: Fri, 23 Dec 2011 07:46:36 +1100 Subject: [PATCH] md: allow non-privileged uses to GET_*_INFO about raid arrays. The info is already available in /proc/mdstat and /sys/block in an accessible form so there is no point in putting a road-block in the ioctl for information gathering. Signed-off-by: NeilBrown <neilb@xxxxxxx> diff --git a/drivers/md/md.c b/drivers/md/md.c index 9dfa2d1..87022b5 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -6129,8 +6129,15 @@ static int md_ioctl(struct block_device *bdev, fmode_t mode, struct mddev *mddev = NULL; int ro; - if (!capable(CAP_SYS_ADMIN)) - return -EACCES; + switch (cmd) { + case RAID_VERSION: + case GET_ARRAY_INFO: + case GET_DISK_INFO: + break; + default: + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + } /* * Commands dealing with the RAID driver but not any
Attachment:
signature.asc
Description: PGP signature
