|Subject:||[Halevt-dev] Can't mount devices for admins in SUM|
|Date:||Thu, 11 Mar 2010 16:27:20 -0700|
We are building a custom system based upon Redhat Linux. Basically there are two modes of operation, normal and maintenance. We are having an issue with halevt in maintenance mode.
There are two categories of users: Platform Admins (PA) and Platform Users (PU). We use halevt to mount removable media for admins only. Halevt does not run for PUs. Removable media are handled by a separate virtualization software package for PUs.
The configuration (attached) file for our system is based upon halevt default config file. We modified it tell us more about the kind of device that was inserted and to call a custom program in /usr/sbin/hapHalevt. Any other software on the system that needs removable media support must interface to a library that in turn interfaces to the output of /usr/sbin/hapHalevt.
Following is a description of the modes of operation and the use of halevt
Normal: Runs like any Linux machine with X11 and networking. In this case, halevt is used for various tasks and everything works great. We start halevt whenever a PA logs in via a gdm script: basically halevt –u PA –c /etc/hapRMM_B/.halevt/hapHalevtConfigActions.xml
When the PA logs out, the halevt service is stopped, and all media unmounted.
Maintenance: This is basically single user mode, except that it is a PA that is logged in, not root. Maintenance mode is entered when certain system conditions occur, for instance the audit logs have exceeded the size of the partition they reside on. When this event occurs, the system enters maintenance mode.
Just to give you a quick scenario: Suppose a PU is logged in, but the PA has been slacking off in archiving the mandatory audit logs and the audit partition becomes full. This sends a signal that causes a graceful exit of all the PU processes and maintenance mode is entered. The PU must then go find a PA to do the maintenance since PUs are not authorized to perform maintenance. The PA will see a console with a login prompt such as Login[PA only]:
Once logged in, we want to start halevt on his behalf so he can insert some media and archive the audit logs so the system can be recovered and the PU can get back to work. However, if we start halevt just like we do in runlevel 5, it starts but it mounts no media. If we execute without specifying a user, like this: halevt –c /etc/hapRMM_B/.halevt/hapHalevtConfigActions.xls it will then mount the media, however, it is owned by root with permissions 775, and the PA cannot access the device to write the audit logs. User root has no login privileges on our system, so we cannot have the PA log in as root.
Can you help us figure this out and get maintenance mode working? Thanks.
|[Prev in Thread]||Current Thread||[Next in Thread]|