I'm re-building an internal-only archiving appliance that uses HTML/PHP to control LTO 4 & 6 drives.
For testing purposes, apache has been granted full, passwordless access in /etc/sudoers (apache ALL=(ALL) NOPASSWD: ALL). SELinux is disabled.
This will all be hardened after everything starts working.
----------------------------------------
The weirdness is below:
[root@archive bin]# runuser -l apache -c '/bin/mt -f /dev/nst0 status'
SCSI 2 tape drive:
File number=0, block number=0, partition=0.
Tape block size 0 bytes. Density code 0x46 (LTO-4).
Soft error count since last status=0
General status bits on (41010000):
BOT ONLINE IM_REP_EN
[root@archive bin]# runuser -l apache -c '/bin/mt -f /dev/nst1 status'
/dev/nst1: Permission denied
[root@archive bin]# /bin/mt -f /dev/nst1 status
SCSI 2 tape drive:
File number=-1, block number=-1, partition=0.
Tape block size 0 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (50000):
DR_OPEN IM_REP_EN
----------------------------------------
TLDR:
If there's a tape in the LTO4 drive, the status is returned correctly from PHP running 'mt -f [dev] status'. "Permission denied" is returned if there is no tape in the LTO4 drive, or the drive is LTO6. The terminal displays the expected behavior.
Versions:
CentOS 7, 3.10.0-229.7.2.el7.x86_64
sudo.x86_64, 1.8.6p7-13.el7
httpd.x86_64, 2.4.6-31.el7.centos
php.x86_64, 5.4.16-36.el7_1
mt-st.x86_64, 1.1-13.el7
Any ideas would be greatly appreciated.