run /usr/sbin/dmesg with a limited user account - no root

googler80 · ‎07-14-2008

Hello guys, this is my first post here, I hope someone can help me to resolve this issue.

I have an HP-UX box, and i need to run the dmesg command located in /usr/sbin. This command should be run using a limited user, permissions are given to everyone on that command, but it seems it goes to read from the kernel. could anyone help, how to make it possible to run this command with a specific user without giving him hight privileges ?

here is the output:

==============================
bash$ /usr/sbin/dmesg

Jul 14 14:04
Can't read kernel memory
==============================

Thanks guys

Ivan Krastev · ‎07-14-2008

Use sudo to assign privileges for running dmesg command.

regards,
ivan

James R. Ferguson · ‎07-14-2008

Hi:

What information are you *rally* trying to discern from 'dmesg'?

Regards!

...JRF...

googler80 · ‎07-14-2008

memory information, but it is not me who is trying to get this information :)
it is my system, it is a monitoring system, and it runs this command to get information related to the memory capacity and memory utilization.

file permissions or dmesg allows all users to run the file:

$ ls -l /usr/sbin/dmesg
lrwxr-xr-x 1 root sys 11 Feb 13 2002 dmesg -> /sbin/dmesg

$ ls -l /sbin/dmesg
-r-xr-xr-x 1 bin bin 212992 Nov 14 2000 /sbin/dmesg

So the rights are given to everybody to run the file, but it seems a part of this command tries to read the kernel which is not allowed to my user.

Ivan Krastev · ‎07-14-2008

dmesg is using the kernel buffers - that was the reason for root account.
You can use crontab to schedule dmesg entries to be written into separate file - http://docs.hp.com/en/B3921-90010/dmesg.1M.html

regards,
ivan

James R. Ferguson · ‎07-14-2008

Hi (again):

I suspected that is was memory information that you wanted. Why, is still unclear, but:

# echo "selclass qualifier memory;info;wait;infolog"|cstm > /var/tmp/meminfo

Regards!

...JRF...

googler80 · ‎07-14-2008

Thanks for your replies guys, and many thanks for the command,
but I really need the user to run that specific command as I cannot change in the source code of the monitoring system to use the other command.
besides, it still needs to calculate percentage of utilizewd memory.
I need to let a user run /usr/sbin/dmesg

Thanks guys

Dennis Handly · ‎07-14-2008

>but I really need the user to run that specific command

Be aware that dmesg will NOT have this info if the system has been up for some time.

Patrick Wallek · ‎07-14-2008

To expand on what Dennis said --

dmesg is a circular buffer of messages. Once the buffer is full, older messages will disappear as newer messages are received.

So, eventually you will NOT be able to find your memory info is the dmesg buffer.

You really need to look for an alternate means to get the information you need.

Torsten. · ‎07-14-2008

Don't how you want to get the amount of utilized memory with dmesg, but anyway, consider to setup sudo to enable the user to run dmesg.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

googler80 · ‎07-14-2008

probably the system uses dmesg and other commands, but dmesg must be run in order to collect and measure the needed data.

if anyone can help me with what is needed for this user to run dmesg, that would be great

googler80 · ‎07-14-2008

What I wanted to say is that there is no alternative for me to get what is needed, my system uses that, and I cannot change in the code as the code is not available.

I consulted the company that created this system, they told me that the user must be able to run dmesg successfully. this is why I need it.

Torsten. · ‎07-14-2008

If this application was designed to run as non-root there should be an existing workaround for this.
No idea what your application does and information it pulls from dmesg.
Since /usr/sbin/dmesg is only a link to /sbin/dmesg, you may consider to replace this link by a sudo script - this is up to you.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

googler80 · ‎07-14-2008

The application does not request running the monitoring with root except for the memory parameters for HP-UX.
I am trying to find a workaround as we cannot use root for such thing.

as seen above, all users have permissions to run the link and the original file or script.

but as I could see from the error, it cannot read for the kernel.

All I am looking for is a way to let this non-root (limited user) run the dmesg successfully.

Any workaround or hint is highly appreciated.

Is there a way to let my user run it? is there a specific permission to be given? or change in the link properties?

Dennis Handly · ‎07-15-2008

>all users have permissions to run dmesg and the original file or script. but as I could see from the error

As you said, the permissions are a joke, only root can run it successfully.

>I am looking for is a way to let this non-root (limited user) run the dmesg successfully.

If you don't care that ANY user can run dmesg, you can do the obvious and make /sbin/dmesg SUID root:
# chown root /sbin/dmesg
# chmod u+s /sbin/dmesg

googler80 · ‎07-15-2008

mmmm, I believe this might solve it, but nobody will acept it... :)
yeah, maybe we can do that but for a specific group instead and make the user a part of that group, no?

Dennis Handly · ‎07-15-2008

>maybe we can do that but for a specific group instead and make the user a part of that group, no?

You might want to remove "x" for other and chgrp to you new group. (I'm not sure which take precedence, SUID root or execute permission.)

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

run /usr/sbin/dmesg with a limited user account - no root

run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root

Re: run /usr/sbin/dmesg with a limited user account - no root