IBM Support

Requirement for running Tivoli Storage Manager Passthru driver with non-root user ID on Linux Platforms

Troubleshooting


Problem

The DEFINE PATH command will fail when issued by a non-root user ID on Linux Platforms

Symptom

When using a non-root ID to run the Tivoli Storage Manager server, the DEFINE PATH command fails. The following message is seen in the error log file for a non-IBM device:

10/02/08 22:38:09 ANR2017I Administrator ADMIN issued command: DEFINE PATH
palo hpvtl srct=server destt=libr devi=/dev/tsmscsi/lb0
(SESSION: 69)
10/02/08 22:38:30 ANR8840E Unable to open device /dev/tsmscsi/lb0 with file
handle 13 and PVRRC 153. (SESSION: 69)
10/02/08 22:38:30 ANR8418E DEFINE PATH: An I/O error occurred while
more... (<ENTER> to continue, 'C' to cancel)
accessing library HPVTL. (SESSION: 69)

Cause


This is a security issue caused by the Linux sg driver and IBM tape device driver. The sg driver and IBM tape device driver do not allow access to SCSI devices by non-root user IDs. SCSI devices configured by the sg driver and IBM tape device driver have the following attributes:

crw------- 1 root root 21, 0 Sep 30 12:51 /dev/sg0
crw------- 1 root root 234, 0 Sep 20 1:30 /dev/IBMtape0

Environment

Running dsmserv with a non-root user ID on Linux platforms

Resolving The Problem


To resolve this problem, change the attribute statements created by the sg driver and the IBM tape device driver for existing device files.

Here is an example for changing the attributes of the sg devices.

1. Determine which sg driver’s special file corresponds to a Tivoli Storage Manager tape device. For example, issue the following to see a list of tape devices and corresponding special files:

[root@xlinux1 ~]# ls -l /dev/tsmscsi/mt*
lrwxrwxrwx 1 root root 8 Oct 3 14:41 /dev/tsmscsi/mt0 -> /dev/sg3
lrwxrwxrwx 1 root root 8 Oct 3 14:41 /dev/tsmscsi/mt1 -> /dev/sg4
lrwxrwxrwx 1 root root 8 Oct 3 14:41 /dev/tsmscsi/mt2 -> /dev/sg6
lrwxrwxrwx 1 root root 8 Oct 3 14:41 /dev/tsmscsi/mt3 -> /dev/sg9
lrwxrwxrwx 1 root root 9 Oct 3 14:41 /dev/tsmscsi/mt4 -> /dev/sg13
lrwxrwxrwx 1 root root 9 Oct 3 14:41 /dev/tsmscsi/mt5 -> /dev/sg20


2. Use the command chmod a+rw /dev/sgX to change special file attributes. The X represents a number from 0 to 255. For example, issue the following command to change the /dev/sg3 special file attribute:

[root@xlinux1 ~]#chmod a+rw /dev/sg3

[{"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Server","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Supported Versions","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
17 June 2018

UID

swg21321130

Page Feedback