SUSE Support

Here When You Need Us

Multipath device permissions break after updating to SLES11 SP2

This document (7010571) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 2

Situation

After updating to SLES11 SP2, custom permission settings (in multipath.conf) no longer take effect.

Resolution

As documented in the SLES11 SP2 release notes, device-mapper permissions are now created through udev. In order to set custom permissions on multipath device nodes, the following steps are required:

  1. Copy the sample device-mapper permissions rules file to /etc/udev/rules.d
        cp /usr/share/doc/packages/device-mapper/12-dm-permissions.rules /etc/udev/rules.d
  2. Customize the /etc/udev/rules.d file as necessary.
  3. After making any necessary changes, flush and rebuild the multipath maps:
         multipath -F
         multipath -v2


Cause

In SLES11 SP1, permissions for multipath devices were set in /etc/multipath.conf using the following type of syntax:

multipaths {
      multipath {
                   wwid     36000601088400c0823cf3d27300011e1
                   alias    oracle_data
                   mode     0660
                   uid      502
                   gid      505
      }
}

The above syntax would cause the MPIO device nodes in /dev/mapper to receive the designated uid, gid and mode assignments, which would then allow the appropriate access to the device.

In SLES11 SP2, device-mapper has been integrated with udev. This allows for greater flexibility in device node creation, as udev rules can be leveraged. This synchronization with udev also prevents race conditions when device changes take place while udev rules are in progress. Udev integration also causes the device nodes in /dev/mapper to be changed to symlinks, and the actual device nodes are now located in /dev/ (as dm-* devices). In order to set permissions on these devices, udev rules must be used.

The sample device-mapper permissions udev rules file is /usr/share/doc/packages/device-mapper/12-dm-permissions.rules. This file can be copied to /etc/udev/rules and modified as needed. In order to convert the example multipath.conf permissions above to udev syntax, the following entry should exist in the 12-dm-permissions.rules file, before the LABEL="dm_end" line:

 ENV{DM_UUID}=="ora?*", OWNER:="grid", GROUP:="oinstall", MODE:="660"

Udev rules are extremely flexible. For advanced rules, a complete list of fields which can be used to identify devices can be found using:

    udevadm info --query=all --path=/sys/block/dm-1

(Replace "dm-1" with the appropriate device mapper node.)

After implementing a custom permission change, flush and rebuild the multipath maps, then check permissions on the appropriate /dev/dm-* device.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7010571
  • Creation Date: 03-Aug-2012
  • Modified Date:12-Oct-2022
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.