Re: {bb} DF of read-locked partitions

To: bb@bb4.com
Subject: Re: {bb} DF of read-locked partitions
From: Philip Clark <bblist@cannae.uklinux.net>
Date: 16 Aug 2006 21:20:43 +0100
Content-transfer-encoding: 7bit
Content-type: text/plain
In-reply-to: <1155753260.21633.81.camel@scarlett>
References: <BC8232FC8037F9438BFB18C607E234FB036F01E7@PRVPVSMAIL10.corp.twcable.com> <1155687883.4931.97.camel@carter.pythonesque.net> <1155753260.21633.81.camel@scarlett>
Reply-to: bb@bb4.com
Sender: owner-bb@bb4.com

On Wed, 2006-08-16 at 19:34, System Administrator wrote:
> On a couple of my systems the 'df' command give a "permission denied"
> error for certain partitions because non-root users don't even have
> permission to check the disk usage of these mountpoints. I've hacked
> bbsys.local to redefine DF to include a list of safe partitions but
> this only works so long as the filesystem structure isn't modified.
> 
> This illustrates the problem:
> 
> 124$ who am i
> bbuser     pts/2        Aug 16 09:53    (0:0)
> 
> 125$ df -lk
> Filesystem            kbytes    used   avail capacity  Mounted on
> /dev/md/dsk/d2       5040814  779581 4210825    16%    /
> /dev/md/dsk/d5       5040814 1616608 3373798    33%    /usr
> /proc                      0       0       0     0%    /proc
> fd                         0       0       0     0%    /dev/fd
> mnttab                     0       0       0     0%    /etc/mnttab
> /dev/md/dsk/d11      10080200 1277386 8702012    13%    /var
> swap                 3677296      16 3677280     1%    /var/run
> swap                 3677528     248 3677280     1%    /tmp
> /dev/md/dsk/d8       10080200 8667883 1311515    87%    /export/home
> /proc                      0       0       0
> 0%    /var/opt/SUNWbb/root/proc
> df: cannot statvfs /var/opt/SUNWbb/root/tmp/SUNWut/sessions: Permission
> denied
> df: cannot statvfs /var/opt/SUNWbb/root/tmp/SUNWut/units: Permission
> denied
> 
> // This is the command I've used to redefine DF:
> 126$ df -kl / /usr /var /var/run /tmp /export/home
> Filesystem            kbytes    used   avail capacity  Mounted on
> /dev/md/dsk/d2       5040814  779581 4210825    16%    /
> /dev/md/dsk/d5       5040814 1616608 3373798    33%    /usr
> /dev/md/dsk/d11      10080200 1277386 8702012    13%    /var
> swap                 3677512      16 3677496     1%    /var/run
> swap                 3677744     248 3677496     1%    /tmp
> /dev/md/dsk/d8       10080200 8667883 1311515    87%    /export/home
> 
> It's ugly but two commands, a DF to identify read-locked partitions
> followed by a second command filter to create the final list, would
> work but it also might exclude some of the problems I want to monitor.
> Changing the permissions on the directories or adding bbuser to the
> root group probably are bad ideas for security reasons. Can you think
> of a better way to accomplish this?

The "sudo" command is generally the optimal way to grant access
to restricted commands.

Cheers, Phil.



-- 
A consultant is a person who borrows your watch, tells you what
time it is, pockets the watch, and sends you a bill for it.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.

References:
- {bb} ERROR: 10060 - CAN'T CONNECT TO bbd
  - From: "Lose, James" <james.lose@twcable.com>
- Re: {bb} ERROR: 10060 - CAN'T CONNECT TO bbd
  - From: Philip Clark <bblist@cannae.uklinux.net>
- {bb} DF of read-locked partitions
  - From: System Administrator <walter@asf.alaska.edu>

Prev by Date: {bb} DF of read-locked partitions
Next by Date: {bb} bb-roracle - error when enabling extent check Yes: bad number
Previous by thread: {bb} DF of read-locked partitions
Next by thread: {bb} bb-roracle - error when enabling extent check Yes: bad number
Index(es):
- Date
- Thread

Home | Main Index | Thread Index