ec2-get-console-output as non-root user does not work

Bug #355445 reported by Neil Soman on 2009-04-05
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Eucalyptus
Invalid
Medium
Daniel Nurmi
1.5
Won't Fix
Medium
Daniel Nurmi
2.0
Confirmed
Undecided
Unassigned

Bug Description

When the NC is started as a non root user and the hypervisor is xen, ec2-get-console-output will produce the following message:

Error: Most commands need root access. Please try again as root.

This is because "xm" xen commands cannot run as non-root.

Neil Soman (neilsoman) on 2009-04-05
Changed in eucalyptus:
importance: Undecided → Medium
Matt Sayler (sayler) wrote :

Is the solution to this just to change

rc = execl("/usr/sbin/xm", "/usr/sbin/xm", "console", instanceId, NULL);

to

rc = execl("/usr/bin/sudo", "/usr/bin/sudo", "/usr/bin/xm", "console", instanceId, NULL);

in handler-xen.c ?

As far as I can tell, the Debian packages for Eucalyptus set up eucalyptus to be able to sudo exec /usr/bin/xm ..

I tried this fix (getting /usr/sbin/xm to call sudo if not running as root, so I didn't have to recompile anything).

But sudo seems to reopen stdin, which the code above has just closed. If stdin is available, "xm console" reads from that and exits with no output.

So, I also had to patch /usr/lib/xen-3.2-1/lib/python/xen/xm/main.py to do "os.close(0)" to make it work.

(note: I am using the Debian packages)

Changed in eucalyptus:
assignee: nobody → Daniel Nurmi (nurmi)
Daniel Nurmi (nurmi) wrote :

get-console-output is still not supported when using the Xen hypervisor, but we are exploring a solution that allows the sysadmin to configure xen to allow euca to read the console output

Changed in eucalyptus:
status: New → Confirmed

These bug won't be fixed for 1.5, but Dan mentioned that there is work done for the next release.

There is a workaround available for the devel version. Leaving it open as confirmed for 2.0.

Changed in eucalyptus:
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers