5

I want to monitor some hardware-related data on a headless CentOS6 server. More specifically, things like voltages, fan speeds, thermal data...

Since the server is headless, the best way I found to do this is through a php script that would format results from ipmitool in a nice manner.

Of course, the webserver user is not root, that would be bad. Sadly, it seems a non-root user has no rights to access /dev/ipmi*, which also makes sense.

Running ipmitool -U "someUser" -P "somePassword" sdr gives me the expected readings as root, but returns 

Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Get Device ID command failed
Unable to open SDR for reading

when I'm logged in as the webserver.

I searched a bit here and there, and was interested in devfs.rules, but it seems it's not present on CentOS6, and I'm not familiar with mounting /dev-related things anyway.

Could anyone point me in the right direction ?

Silver Quettier
  • 503
  • 2
  • 6
  • 14

1 Answers1

6

/dev/ipmi* is usually restricted to root only as you've found. Your options for running ipmitool as a non-root user are (in rough order of my personal preference):

  1. Use sudo (you can create an entry in sudoers specifically for people who should be allowed to run just ipmitool if you don't want to also give them generally unrestricted sudo access)

  2. Modify your udev rules so the device is accessible by another user/group (I do not know where the udev rules are kept on CentOS 6, but look around under /etc for something that fits the bill). This is the same approach as editing devfs.rules - The CentOS documentation will lead you in the right direction and this page (or some creative googling) will help you out with the udev syntax. (I'd give you pointers but I'm barely conversant in it myself :x)

  3. Connect to the IPMI interface over the network (if your IPMI interface supports this).
    This may require burning a network interface and crossover cable, or connecting the IPMI card to your network, which is why it's so low on the list.

  4. Make ipmitool setuid-root.
    (Yeah. Don't do that. It's generally a bad idea and terrible advice - pretend I didn't mention it.)

voretaq7
  • 79,345
  • 17
  • 128
  • 213
  • Thanks for your detailed answer. I thought of sudoing but it seems sudoing in a script is not too easy. Even with `sudo -tt ipmitool blah` and a properly set sudoers file (Commented out `Requiretty` and added `ipmitool` as a `NOPASSWD:`-accessible command), it seems I'm blocked by the old `no tty present and no askpass program specified`. I will poke around a bit more but will try the next idea on the list if I can't succeed :) – Silver Quettier Feb 09 '12 at 19:32
  • Nevermind my comment. I was being dumb and defined sudo permissions for the wrong user. It's all good now. Thanks for your hints :) – Silver Quettier Feb 09 '12 at 21:53