>>> Thomas Weichert <[email protected]> schrieb am 11.11.2011 um 10:00 in Nachricht <[email protected]>: > No, sudo does not solve the problem. And what about people that give > their root-users different uids for security reasons? In this case the > check in mgmt_ipc.c will be successful, but iscsiadm still aborts due > to missing write permissions. From my point of view, the only way to > solve this issue is to replace the check for username "root" to a > check for uid 0.
Hi! I wonder how changing the permissions of root will make the system more secure: If someone manages to break in as "root", he will find out what the real root is. Having multiple roots will not add anything to security IMHO, either. I agree with the permission check, but I'm worried about your security policies ;-) Regards, Ulrich > > Kind regards > Thomas > > > On 11 Nov., 08:05, "Ulrich Windl" <[email protected]> > wrote: > > Hi! > > > > I wonder whether "sudo" could solve your problem. > > > > Ulrich > > > > >>> Thomas Weichert <[email protected]> schrieb am 10.11.2011 um 09:33 > > >>> in > > > > Nachricht > > <13d84f75-4818-40be-ac53-e9d754555...@i15g2000yqm.googlegroups.com>: > > > > > > > > > > > > > > > > > I can do anything like root does including writing to /etc/iscsi and / > > > var/lib/iscsi. For files in /sys/block/sdX/device/queue_depth it was > > > not successful (E667: Fsync failed), but this also happens when I try > > > the same as real user root and seems not to be a permissen issue. > > > > > As far as I know, all users that have uid=0, are root users, however > > > this might not be forseen in Linux, since the actual logged in user > > > (`whoami`) is not stable across different logins. E.g. I log in on one > > > console as "root" and whoami returns "root". Do I log in on another > > > console with "lroot", _both_ outputs of whoami return "lroot". What I > > > also saw is, that sometime I login as "lroot" (after reboot) and > > > whoami returns "root" and vice versa. The latter effect seems to be > > > associated with the order of entries in /etc/passwd, however it does > > > not solve the multiple login issue. > > > > > I guess it would be enough just to check if the user that calls > > > iscsiadm has uid=0 and not the name "root", because if uid=0 the user > > > is definitively a root user with sufficient privileges. > > > > > Kind regards > > > Thomas -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/open-iscsi?hl=en.
