Multipath device permissions break after updating to SLES11 SP2
This document (7010571) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 11 Service Pack 2
Situation
After updating to SLES11 SP2, custom permission settings (in multipath.conf) no longer take effect.
Resolution
As documented in the SLES11 SP2 release notes, device-mapper permissions are now created through udev. In order to set custom permissions on multipath device nodes, the following steps are required:
- Copy the sample device-mapper permissions rules file to /etc/udev/rules.d
cp /usr/share/doc/packages/device-mapper/12-dm-permissions.rules /etc/udev/rules.d
- Customize the /etc/udev/rules.d file as necessary.
- After making any necessary changes, flush and rebuild the multipath maps:
multipath -F
multipath -v2
Cause
In SLES11 SP1, permissions for multipath devices were set in /etc/multipath.conf using the following type of syntax:
The above syntax would cause the MPIO device nodes in /dev/mapper to receive the designated uid, gid and mode assignments, which would then allow the appropriate access to the device.
In SLES11 SP2, device-mapper has been integrated with udev. This allows for greater flexibility in device node creation, as udev rules can be leveraged. This synchronization with udev also prevents race conditions when device changes take place while udev rules are in progress. Udev integration also causes the device nodes in /dev/mapper to be changed to symlinks, and the actual device nodes are now located in /dev/ (as dm-* devices). In order to set permissions on these devices, udev rules must be used.
The sample device-mapper permissions udev rules file is /usr/share/doc/packages/device-mapper/12-dm-permissions.rules. This file can be copied to /etc/udev/rules and modified as needed. In order to convert the example multipath.conf permissions above to udev syntax, the following entry should exist in the 12-dm-permissions.rules file, before the LABEL="dm_end" line:
ENV{DM_UUID}=="ora?*", OWNER:="grid", GROUP:="oinstall", MODE:="660"
Udev rules are extremely flexible. For advanced rules, a complete list of fields which can be used to identify devices can be found using:
After implementing a custom permission change, flush and rebuild the multipath maps, then check permissions on the appropriate /dev/dm-* device.
multipaths {
multipath {
wwid 36000601088400c0823cf3d27300011e1
alias oracle_data
mode 0660
uid 502
gid 505
}
}The above syntax would cause the MPIO device nodes in /dev/mapper to receive the designated uid, gid and mode assignments, which would then allow the appropriate access to the device.
In SLES11 SP2, device-mapper has been integrated with udev. This allows for greater flexibility in device node creation, as udev rules can be leveraged. This synchronization with udev also prevents race conditions when device changes take place while udev rules are in progress. Udev integration also causes the device nodes in /dev/mapper to be changed to symlinks, and the actual device nodes are now located in /dev/ (as dm-* devices). In order to set permissions on these devices, udev rules must be used.
The sample device-mapper permissions udev rules file is /usr/share/doc/packages/device-mapper/12-dm-permissions.rules. This file can be copied to /etc/udev/rules and modified as needed. In order to convert the example multipath.conf permissions above to udev syntax, the following entry should exist in the 12-dm-permissions.rules file, before the LABEL="dm_end" line:
ENV{DM_UUID}=="ora?*", OWNER:="grid", GROUP:="oinstall", MODE:="660"
Udev rules are extremely flexible. For advanced rules, a complete list of fields which can be used to identify devices can be found using:
udevadm info --query=all --path=/sys/block/dm-1(Replace "dm-1" with the appropriate device mapper node.)
After implementing a custom permission change, flush and rebuild the multipath maps, then check permissions on the appropriate /dev/dm-* device.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7010571
- Creation Date: 03-Aug-2012
- Modified Date:12-Oct-2022
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
