From mboxrd@z Thu Jan 1 00:00:00 1970
From: aq
Subject: Re: Re: [PATCH] provide real error message when trying to run xm as non root
Date: Wed, 27 Jul 2005 00:35:57 +0900
Message-ID: <9cde8bff0507260835166ad60f@mail.gmail.com>
References: <20050726144156.GA22926@underhill.no-ip.org> <42E64E33.5030507@aktzero.com> <20050726150952.GA21174@underhill.no-ip.org>
In-Reply-To: <20050726150952.GA21174@underhill.no-ip.org>
Reply-To: aq
Sender: xen-devel-bounces@lists.xensource.com
To: Andrew Thompson, xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On 7/27/05, Sean Dague wrote:
> On Tue, Jul 26, 2005 at 10:52:35AM -0400, Andrew Thompson wrote:
> > Sean Dague wrote:
> > >This patch prevents you from getting a screen full of stack trace when
> > >trying to run commands like xm list as a normal user, and instead provides
> > >a helpful error message.
> >
> > +1, Admirable. (non-binding/non-voter/non-committer)
> >
> > >Signed-off-by: Sean Dague
> > >
> > >Diffstat output:
> > > main.py | 7 +++++++
> > > 1 files changed, 7 insertions(+)
> > >
> > >diff -r 48aed1403fe3 tools/python/xen/xm/main.py > > >--- a/tools/python/xen/xm/main.py Fri Jul 22 16:44:33 2005 > > >+++ b/tools/python/xen/xm/main.py Tue Jul 26 10:31:24 2005
> > >@@ -11,6 +11,13 @@ > > > > > > from xen.xend import PrettyPrint > > > from xen.xend import sxp > > >+# this is a nasty place to stick this in, but required because > > >+# log file access is set up via a 5 deep import chain. This > > >+# ensures the user sees a useful message instead of a stack trace > > >+if os.getuid() !=3D 0: > > >+ print "xm requires root access to execute, please try again as ro= ot" > > >+ sys.exit(1) > > >+ > > > from xen.xend.XendClient import XendError, server > > > from xen.xend.XendClient import main as xend_client_main > > > from xen.xm import create, destroy, migrate, shutdown, sysrq
> >
> > Please allow me to show my possible ignorance...
> >
> > Is there no better way to test for elevated privileges?
> > Would it be unreasonable to think xm maintenance tasks could be handed
> > off to members of a non-root group?
>
> Unfortunately the root problem comes from the fact that xm writes to the
> xend log file directly, and in unprivileged state, throws an exception
> because it doesn't have write access to that file. The 2nd part of this
> problem is that this exception is buried down a whole series of 5 level
> magical import object creation paths, and hence is very hard to reasonably
> get to from the xm main().
>

yes, most of the problem comes from the fact that most calls to
XendRoot.py are to get xend configurations (in xend-config.sxp), but too
bad XendRoot has another function: to open a log file, which is the job
of root.

actually i had a patch to split XendRoot.py (to make a new
XendConfig.py) and convert most calls to XendRoot to XendConfig, but
never had a chance to submit it. probably i will give another attempt
this weekend.

regards,
aq
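
Review bot: the os.getuid() test added after the `from xen.xend import sxp` context line checks the real UID for root, while the added comment says the underlying failure is log file access; that hard-codes root and rules out the non-root group delegation asked about in the thread, and os.geteuid() would at least match the identity that file permissions are checked against. The test also runs at module import time, so any code that imports xen.xm.main as a non-root user exits the process instead of getting an exception it can handle. The message goes to stdout via print, where sys.stderr is the usual place for an error, and the hunk context does not show os or sys being imported above line 11, so confirm both names are in scope before the new lines.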