Managing Core Dumps (user space)
We have a development environment that utilizes a standard of having multiple service accounts run several instances of the code...
sa0001
sa0002
etc...
Which we then set kernel params to dump the cores in a common location
kernel.core_pattern = /u01/core/core.%e.%p.%t
kernel.core_uses_pid = 1
Now - the issue I am facing.. the cores are written as 0600 and owned by the original process owner (which makes sense due to the sensitive nature of the dump data), however - the folks doing the analysis log in to the hosts as their own users and will have no permissions to manage the files.
I found the code (system call) which ignores any FACL applied to that directory as well.
- from do_coredump
file = filp_open(corename, O_CREAT | 2 | O_TRUNC | O_NOFOLLOW, 0600);
Has anyone else ran in to this issue and "dealt with it"? If so, how? ;-)
Responses
James,
I am experiencing something similar here. i am using nfs4, and rhel6 (are you using nfs4/rhel6?). Setting an ACL does not register to my client nfs systems. I tried this solution as well.
# added "acl" to the default mount options on the server
somesystem:/the/source /the/mountpoint ext4 all,the,options,comma,separated,acl 1 2
Are you using a SAN or NAS? if it is an appliance, that could cause a different layer of issues.
I checked
grep ACL /boot/config-`uname -r`
and did not see any NFS|NFSD v4, ACL directive.
edited
# abbreviated output, grep on ACL & NFS
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=m
I changed various settings in /etc/nfsmount.conf (including "Acl=True"), to no avail. I've also been dealing with a separate chmod/chown that silently fails as root on nfs4 vs. a SAN that has been annoying on rhel6. Tried the RH solution articles etc on that, still digging.
If you wanted to expand the permissions, and this is automated, perhaps a umask command before and a reset to the normal umask after?
By the way, what did you run to get that system call you cited:
file = filp_open(corename, O_CREAT | 2 | O_TRUNC | O_NOFOLLOW, 0600);
Your SAN, does it have mount/share options? Is it an appliance?
In digging for this, I've found other things to dig through, and it seems somewhat related to the other issue I've faced. If either of us finds something, let's certainly post here...
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
