dmesg and permissions


dmesg and permissions

Postby stefan_schwarzer » 2016-11-02 08:52

Dear forum members,

I have so far successfully used dmesg with (more or less) regular user permissions (with the exception of
some special group memberships like disk, audio).
Something in a recent upgrade changed dmesg's behavior and now I need to become root to run it successfully.
Otherwise I get

sts@nbof16:/var/log$ dmesg
dmesg: read kernel buffer failed: Operation not permitted

My intention is to restore the original behavior.
I checked the changelog.Debian of util-linux without finding a hint about what has changed and how to revert it.
The strace of dmesg looks unsuspicious to me, but maybe somebody is able to find the rough spot (see attachment).
FYI - I follow testing with the exception of the kernel, which is linux-image-4.8.0-1-amd64

sts@nbof16:/var/log$ cat /tmp/out
execve("/bin/dmesg", ["dmesg"], [/* 59 vars */]) = 0
brk(NULL)                               = 0x24aa000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc678ecf000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=326086, ...}) = 0
mmap(NULL, 326086, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc678e7f000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libtinfo.so.5", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\315\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=170776, ...}) = 0
mmap(NULL, 2267936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc678a86000
mprotect(0x7fc678aab000, 2097152, PROT_NONE) = 0
mmap(0x7fc678cab000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7fc678cab000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340 \0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31744, ...}) = 0
mmap(NULL, 2128832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc67887e000
mprotect(0x7fc678885000, 2093056, PROT_NONE) = 0
mmap(0x7fc678a84000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fc678a84000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\3\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1685264, ...}) = 0
mmap(NULL, 3791264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc6784e0000
mprotect(0x7fc678675000, 2093056, PROT_NONE) = 0
mmap(0x7fc678874000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x194000) = 0x7fc678874000
mmap(0x7fc67887a000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc67887a000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340`\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=135448, ...}) = 0
mmap(NULL, 2212904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc6782c3000
mprotect(0x7fc6782db000, 2093056, PROT_NONE) = 0
mmap(0x7fc6784da000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7fc6784da000
mmap(0x7fc6784dc000, 13352, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc6784dc000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc678e7d000
arch_prctl(ARCH_SET_FS, 0x7fc678e7e040) = 0
mprotect(0x7fc678874000, 16384, PROT_READ) = 0
mprotect(0x7fc6784da000, 4096, PROT_READ) = 0
mprotect(0x7fc678a84000, 4096, PROT_READ) = 0
mprotect(0x7fc678cab000, 16384, PROT_READ) = 0
mprotect(0x60b000, 4096, PROT_READ)     = 0
mprotect(0x7fc678ed2000, 4096, PROT_READ) = 0
munmap(0x7fc678e7f000, 326086)          = 0
set_tid_address(0x7fc678e7e310)         = 9449
set_robust_list(0x7fc678e7e320, 24)     = 0
rt_sigaction(SIGRTMIN, {0x7fc6782c8b80, [], SA_RESTORER|SA_SIGINFO, 0x7fc6782d4100}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7fc6782c8c10, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7fc6782d4100}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(NULL)                               = 0x24aa000
brk(0x24cb000)                          = 0x24cb000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3234528, ...}) = 0
mmap(NULL, 3234528, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc677fad000
close(3)                                = 0
ioctl(1, TCGETS, 0x7fff5f162370)        = -1 ENOTTY (Inappropriate ioctl for device)
open("/dev/kmsg", O_RDONLY|O_NONBLOCK)  = -1 EPERM (Operation not permitted)
syslog(SYSLOG_ACTION_SIZE_BUFFER, NULL, 0) = -1 EPERM (Operation not permitted)
syslog(SYSLOG_ACTION_READ_ALL, 0x24ab0e0, 16392) = -1 EPERM (Operation not permitted)
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2995, ...}) = 0
read(3, "# Locale name alias data base.\n#"..., 4096) = 2995
read(3, "", 4096)                       = 0
close(3)                                = 0
open("/usr/share/locale/en_US/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "dmesg: ", 7dmesg: )                  = 7
write(2, "read kernel buffer failed", 25read kernel buffer failed) = 25
write(2, ": ", 2: )                       = 2
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "Operation not permitted\n", 24Operation not permitted
) = 24
close(1)                                = 0
close(2)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++

Re: dmesg and permissions

Postby pylkko » 2016-11-02 09:59

It's by design.

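Ben Hutchings posted in the changes that the new kernel is hardened in a few ways. One of these is that it does not allow dmesg for users other than root, because the kernel log can contain details (such as kernel addresses) that are useful to a local attacker.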

This will be the policy from 4.8 onwards.

Re: dmesg and permissions

Postby marcetm » 2016-12-20 23:20

Hi

There's a way to allow a non-root user to run dmesg. You have to run this command as root; note that it lifts the restriction for every local user, not just your own account:

echo 0 > /proc/sys/kernel/dmesg_restrict


But every time you restart your PC you have to run this command again. Is there any way to make this change permanent?

Re: dmesg and permissions

Postby Segfault » 2016-12-20 23:37

I would put it in /etc/sysctl.conf (as the line kernel.dmesg_restrict = 0) and it would work for me ... but I do not use systemd ...

Re: dmesg and permissions

Postby Head_on_a_Stick » 2016-12-21 07:29

Segfault wrote:I would put it in /etc/sysctl.conf and it would work for me ... but I do not use systemd ...

That method works under systemd as well.

@OP: did you not read the message during the kernel upgrade?

