Bug 103601

Summary: reading computer serial number as non-root user not possible
Product: File System Reporter: René Genz (liebundartig)
Component: SysFSAssignee: Greg Kroah-Hartman (greg)
Status: NEW ---    
Severity: normal CC: christian.rohmann, sergey, szg00000
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 4.1.4-200 Subsystem:
Regression: No Bisected commit-id:

Description René Genz 2015-08-27 19:16:54 UTC
I filed this bug report downstream at:
https://bugzilla.redhat.com/show_bug.cgi?id=1257322
and was asked to report upstream. Here we go :)


Description of problem:
Trying to find out serial number of computer without root permissions fails.

In the directory:
/sys/devices/virtual/dmi/id

the files:
board_serial
chassis_serial
product_serial

provide that information, but they are not world-readable.
Accessing the files fails for non-root users.
Excluding product_uuid, all other files in the directory are world-readable.


$ cat /sys/devices/virtual/dmi/id/{board_serial,chassis_serial,product_serial}
cat: /sys/devices/virtual/dmi/id/...: Permission denied

$ dmidecode -s system-serial-number
/dev/mem: Permission denied


Expected results:
display serial numbers of computer


Additional Info:
What is the rational for making the files containing the serial numbers not world-readable?
Alternative solution, that require root permissions for installation of programs, are listed at: http://stackoverflow.com/questions/20206474/extract-the-linux-serial-number-without-sudo
Comment 1 Greg Kroah-Hartman 2015-08-28 18:15:45 UTC
On Thu, Aug 27, 2015 at 07:16:54PM +0000, bugzilla-daemon@bugzilla.kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=103601
> 
>             Bug ID: 103601
>            Summary: reading computer serial number as non-root user not
>                     possible

This is as-designed, glad to see it works properly :)
Comment 2 René Genz 2015-09-09 06:10:19 UTC
I would like to understand the reasoning for the design, making the serial number not accessible for regular users.
The document I found could not answer this:
https://www.kernel.org/pub/linux/kernel/people/mochel/doc/papers/ols-2005/mochel.pdf

Can you give me a pointer, please?

Comparing to other operating systems:
to retrieve the serial number you can execute as regular user in terminal:
- in Windows 'wmic bios get serialnumber'
- in Mac OS X 'system_profiler |grep "r (system)"' (faster: About This Mac -- Overview -- Serial Number)
Comment 3 Greg Kroah-Hartman 2015-09-09 12:40:49 UTC
On Wed, Sep 09, 2015 at 06:10:19AM +0000, bugzilla-daemon@bugzilla.kernel.org wrote:
> I would like to understand the reasoning for the design, making the serial
> number not accessible for regular users.

As I was not the original author of the sysfs you are curious about, I
have no idea.  Or even if I was, I have no idea either, it was done a
long time ago.

> The document I found could not answer this:
>
> https://www.kernel.org/pub/linux/kernel/people/mochel/doc/papers/ols-2005/mochel.pdf

That paper isn't going to detail the file permissions of each sysfs
file, no paper will.

> Can you give me a pointer, please?
> 
> Comparing to other operating systems:
> to retrieve the serial number you can execute as regular user in terminal:
> - in Windows 'wmic bios get serialnumber'
> - in Mac OS X 'system_profiler |grep "r (system)"' (faster: About This Mac --
> Overview -- Serial Number)

Linux is a multi-user operating system, permissions are different for
system-level things like this.

Is this causing some sort of problem for users?
Comment 4 René Genz 2015-09-09 20:50:14 UTC
It is something between problem and inconvenience.
My use case is (on the sending and the receiving side):
user generated requests for help which contain basic information about hardware (manufacturer, model, and system serial number)

Since the original reasoning seems to be lost in the course of time, we have to rely on current knowledge.
Is there a risk making the files - that contain the system serial number - world readable?
Comment 5 Sergey V. Lobanov 2020-05-17 18:37:10 UTC
Hello Greg,

This issue is still actual. It's a problem for any system that collecting server inventory information (this is a typical function for many monitoring systems). I'm using zabbix, zabbix-agent runs under normal (non-root) user so it cannot collect server serial number so it is no possible to get server inventory without root privileges.

I can not see any reason to limit non-root user from reading serial number of a server.