Problem with multiple root-users (UID=0)
Thomas Weichert
in the last few days I encountered a problem on my SLES 11.1 Linux
with the open-iscsi package in version 2.0-871 respectively 0.872. I
investigated the problem and found out that in my system there are two
root users with uid = 0 (sadly, this is required). Therefore I digged
deeper and found out that the problem most probably lies in the two
code snippets where "root" is defnied explicitely. Those are usr/
mgmt_ipc.c around line 549 with:
if (!mgmt_peeruser(fd, user) || strncmp(user, "root", PEERUSER_MAX)) {
err = MGMT_IPC_ERR_ACCESS;
goto err;
}
as well as usr/statics.c around line 7:
static struct passwd root_pw = {
.pw_name = "root",
}
When the Linux command `whoami` returns something different than
"root", open-iscsi will not work.
As far as I understand the issue, the function call to mgmt_peeruser()
in mgmt_ipc.c sets the variable user to the currently logged in user
name and then it is compared to "root". If my root-user is named
differently, the strncmp function fails of course. I did not
investigate the code in statics.c further, whether it plays a role or
not, since a change to mgmt_ipc.c solves my problem.
Is there a chance to fix this issue just by checking if the user has
sufficient rights, e.g. has uid=0, or is there any special reason for
demanding a user named root?
Thanks a lot
Thomas
Mike Christie
If you have a uid=0, but you do not have the username of root can you
write files like the ones in /etc/iscsi or /var/lib/iscsi or can you
write to some proc/sysfs files like the
/sys/block/sdX/device/queue_depth one?
Ulrich Windl
Nachricht <4EBADD08...@cs.wisc.edu>:
Hi Mike!
I guess so, because the open() syscall doesn't care about the user's name; just about the UID (and GIDs).
Ulrich
Thomas Weichert
var/lib/iscsi. For files in /sys/block/sdX/device/queue_depth it was
not successful (E667: Fsync failed), but this also happens when I try
the same as real user root and seems not to be a permissen issue.
As far as I know, all users that have uid=0, are root users, however
this might not be forseen in Linux, since the actual logged in user
(`whoami`) is not stable across different logins. E.g. I log in on one
console as "root" and whoami returns "root". Do I log in on another
console with "lroot", _both_ outputs of whoami return "lroot". What I
also saw is, that sometime I login as "lroot" (after reboot) and
whoami returns "root" and vice versa. The latter effect seems to be
associated with the order of entries in /etc/passwd, however it does
not solve the multiple login issue.
I guess it would be enough just to check if the user that calls
iscsiadm has uid=0 and not the name "root", because if uid=0 the user
is definitively a root user with sufficient privileges.
Kind regards
Thomas
Ulrich Windl
I wonder whether "sudo" could solve your problem.
Ulrich
>>> Thomas Weichert <tho...@weichert-web.de> schrieb am 10.11.2011 um 09:33 in
Nachricht
<13d84f75-4818-40be...@i15g2000yqm.googlegroups.com>:
Thomas Weichert
their root-users different uids for security reasons? In this case the
check in mgmt_ipc.c will be successful, but iscsiadm still aborts due
to missing write permissions. From my point of view, the only way to
solve this issue is to replace the check for username "root" to a
check for uid 0.
Kind regards
Thomas
On 11 Nov., 08:05, "Ulrich Windl" <Ulrich.Wi...@rz.uni-regensburg.de>
wrote:
>
> I wonder whether "sudo" could solve your problem.
>
> Ulrich
>
> >>> Thomas Weichert <tho...@weichert-web.de> schrieb am 10.11.2011 um 09:33 in
>
> Nachricht
Ulrich Windl
Nachricht <e2a38854-d35c-4177...@w3g2000vbw.googlegroups.com>:
> No, sudo does not solve the problem. And what about people that give
> their root-users different uids for security reasons? In this case the
> check in mgmt_ipc.c will be successful, but iscsiadm still aborts due
> to missing write permissions. From my point of view, the only way to
> solve this issue is to replace the check for username "root" to a
> check for uid 0.
Hi!
I wonder how changing the permissions of root will make the system more secure: If someone manages to break in as "root", he will find out what the real root is. Having multiple roots will not add anything to security IMHO, either. I agree with the permission check, but I'm worried about your security policies ;-)
Regards,
Ulrich
Mike Christie
>
> sufficient rights, e.g. has uid=0, or is there any special reason for
> demanding a user named root?
>
I have been checking with the security people at various distros and
they seem to think just checking for uid=0 would be ok.
I am going to check what some other tools are doing just to make sure.
Bernd Petrovitsch
[...]
> I wonder how changing the permissions of root will make the system
What do you mean with the "changing the permissions of root"?
In the kernel, the user-id 0 is allowed to do everything (and there is
no "user name" in the kernel).
If you call the user with the user-id 0 "root" in user-space via
the /etc/passwd (or LDAP or ....) file doesn't really matter.
> more secure: If someone manages to break in as "root", he will find
> out what the real root is.
That is actually confusing (though everyone is used to it): "to become
root" technically means actually "assume the user-id 0".
Every user (who is logged in) can look into /etc/passwd (or LDAP or ...)
and see, which username is associated with 0 (otherwise `ls` can't
translate the uids from the filesystem into human-readable usernames).
I seriously doubt that renaming the "root" (and having a normal account
with the name "root") actually adds security. From the outside, you
shouldn't allow "root logins" anyway (read: a login where one ends up
with the user-id 0) and if you are on the system, you can look up the
user-name anyways.
So that will IMHO just add confusion .....
> Having multiple roots will not add anything
> to security IMHO, either. I agree with the permission check, but I'm
Well, you can have different passwords for the various user with user-id
0. But what can one do with that which can't be done with e.g. "sudo".
> worried about your security policies ;-)
[ Fullquote deleted ]
Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
LUGA : http://www.luga.at
Thomas Weichert
as far as I know, multiple root users are employed because of tracing
reasons, and definitively not in order to make the system more secure
(especially since the systems are within a LAN and not exposed to the
outside world).
Moreover, I am not the system administrator and I actually do not care
about any permission or security policies. So, thanks for explaining
the technical insights about usernames and ids - however, this does
not change the fact, that there is a bug in open-iscsi.
Kind regards
Thomas
Mike Christie
> On 11/07/2011 01:37 PM, Thomas Weichert wrote:
>>
>> Is there a chance to fix this issue just by checking if the user has
>> sufficient rights, e.g. has uid=0, or is there any special reason for
>> demanding a user named root?
>>
>
> I have been checking with the security people at various distros and
> they seem to think just checking for uid=0 would be ok.
>
Here is a patch for this.
