Re: Curious problem: btrfs device stats & unpriviliged access

[Holger Hoffstätte <holger@xxxxxxxxxxxxxxxxxxxxxx>]

It's been a while.. :D

On 10/8/18 10:02 PM, Hans van Kranenburg wrote:
> On 10/08/2018 06:37 PM, Holger Hoffstätte wrote:
> > On 10/08/18 17:46, Hans van Kranenburg wrote:
> > <snip>
> > > fs.devices() also looks for dev_items in the chunk tree:
> > >
> > > https://github.com/knorrie/python-btrfs/blob/master/btrfs/ctree.py#L481
> > >
> > > So, BOOM! you need root.
> > >
> > > Or just start a 0, ignore errors and start trying all devids until you
> > > found num_devices amount of them that work, yolo.
> >
> > Since I need to walk /sys/fs/btrfs/ anyway I *think* I can just look
> > at the entries in /sys/fs/btrfs/<fsid>/devices/ and query them all
> > directly.
>
> But, you still need root for that right? The progs code does a RO open
> directly on the block device.
>
> -$ btrfs dev stats /dev/xvdb
> ERROR: cannot open /dev/xvdb: Permission denied
> ERROR: '/dev/xvdb' is not a mounted btrfs device
>
> stat("/dev/loop0", {st_mode=S_IFBLK|0660, st_rdev=makedev(7, 0), ...}) = 0
> stat("/dev/loop0", {st_mode=S_IFBLK|0660, st_rdev=makedev(7, 0), ...}) = 0
> open("/dev/loop0", O_RDONLY)            = -1 EACCES (Permission denied)
>
> But:
>
> -# btrfs dev stats /dev/xvdb
> [/dev/xvdb].write_io_errs    0
> [/dev/xvdb].read_io_errs     0
> [/dev/xvdb].flush_io_errs    0
> [/dev/xvdb].corruption_errs  0
> [/dev/xvdb].generation_errs  0

As it turns out you don't need full root, you need permissions to read the device.
Which permissions are those, you ask?

holger>ll /dev/loop0
brw-rw---- 1 root disk 7, 0 Oct 23 02:10 /dev/loop0

Indeed directly reading the device started working when I added myself to the
"disk" group (I was in wheel before, but that wasn't sufficient - good!). \o/
Never go full root. Adding the daemon to a group (e.g. during installation)
is IMHO acceptable.

This particular rabbit hole goes deep since it involves systemd, udev,
session management and eventually alcohol; see:
https://wiki.archlinux.org/index.php/Users_and_groups#Group_list and
https://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/
for things you never really wanted to know. In my case I can get away with
the disk group menbership since I'm on Gentoo with OpenRC.

I still have to figure out the devid(s) for the ioctl, but the above
mentioned Yolo Method™ of iterating after finding the number of devices
in sysfs (under <fs-uuid>/devices/) might just be good enough; we'll see.

-h