Novell Home

My Favorites

Close

Please to see your favorites.

Multipath device permissions break after updating to SLES11 SP2

This document (7010571) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 2

Situation

After updating to SLES11 SP2, custom permission settings (in multipath.conf) no longer take effect.

Resolution

As documented in the SLES11 SP2 release notes, device-mapper permissions are now created through udev. In order to set custom permissions on multipath device nodes, the following steps are required:

  1. Copy the sample device-mapper permissions rules file to /etc/udev/rules.d
        cp /usr/share/doc/packages/device-mapper/12-dm-permissions.rules /etc/udev/rules.d
  2. Customize the /etc/udev/rules.d file as necessary.
  3. After making any necessary changes, flush and rebuild the multipath maps:
         multipath -F
         multipath -v2


Cause

In SLES11 SP1, permissions for multipath devices were set in /etc/multipath.conf using the following type of syntax:

multipaths {
      multipath {
                   wwid     36000601088400c0823cf3d27300011e1
                   alias    oracle_data
                   mode     0660
                   uid      502
                   gid      505
      }
}

The above syntax would cause the MPIO device nodes in /dev/mapper to receive the designated uid, gid and mode assignments, which would then allow the appropriate access to the device.

In SLES11 SP2, device-mapper has been integrated with udev. This allows for greater flexibility in device node creation, as udev rules can be leveraged. This synchronization with udev also prevents race conditions when device changes take place while udev rules are in progress. Udev integration also causes the device nodes in /dev/mapper to be changed to symlinks, and the actual device nodes are now located in /dev/ (as dm-* devices). In order to set permissions on these devices, udev rules must be used.

The sample device-mapper permissions udev rules file is /usr/share/doc/packages/device-mapper/12-dm-permissions.rules. This file can be copied to /etc/udev/rules and modified as needed. In order to convert the example multipath.conf permissions above to udev syntax, the following entry should exist in the 12-dm-permissions.rules file, before the LABEL="dm_end" line:

 ENV{DM_UUID}=="ora?*", OWNER:="grid", GROUP:="oinstall", MODE:="660"

Udev rules are extremely flexible. For advanced rules, a complete list of fields which can be used to identify devices can be found using:

    udevadm info --query=all --path=/sys/block/dm-1

(Replace "dm-1" with the appropriate device mapper node.)

After implementing a custom permission change, flush and rebuild the multipath maps, then check permissions on the appropriate /dev/dm-* device.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7010571
  • Creation Date:03-AUG-12
  • Modified Date:01-OCT-12
    • SUSESUSE Linux Enterprise Server

Did this document solve your problem? Provide Feedback