1

Using

dmidecode -s system-uuid

I get back:

/sys/firmware/dmi/tables/smbios_entry_point: Permission denied
/dev/mem: Permission denied

With sudo and the admin password, no problem.

I want to use the UUID in a python script to identify the local machine on the webserver's database, but this local script should not run with admin permissions and I do not want to hard-code credentials. What can I do?

Is there a pure python way, similar to machineId = os.popen("cat /etc/machine-id").read() ?

Extended questions

  1. The output of dmidecode -s system-uuid has the same value as /sys/devices/virtual/dmi/id/product_uuid which is a file with 400 permission. I changed it for testing purposes to 444 and now I can read it without admin rights. Can this be a risk? If not, problem solved.

  2. Are product-uuid AND system-uuid the same, only named differently? How is it calculated? On every boot again? Will this value stored in /sys/devices/virtual/dmi/id/product_uuid be changed and overwritten, if the entire disk is a dd clone and running on a new/different mainboard?

The reason not to use machine-id is, that as far as I know, the machine-id is not changed / overwritten when the entire system is cloned via dd and used on another mainboard. I am developing a multipoint point of sale system with a bunch of the same computers with the same disk images, for service simplification. But each of them must be / is registered in the customer's dashboard and is assigned to different tasks.

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
ddlab
  • 153
  • 9

1 Answers1

1

The pure Python way is to read the file, which requires appripriate permissions as you noticed. There’s no particular risk associated with changing the file permissions, unless you consider the UUID to be privileged information; but you’d have to change the permissions every time the system boots.

dmidecode -s system-uuid and /sys/devices/virtual/dmi/id/product_uuid represent the same information, stored in the system firmware and theoretically unique (but not guaranteed to be unique, some manufacturers don’t set the field appropriately).

I would recommend using /etc/machine-id instead; just ensure that your system cloning process deletes it. See Is it OK to change /etc/machine-id? for details.

Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164
  • Hello Stephen. I played around with these options. Machine-id doesn't meet my intention, as I DON'T want to have a changing ID, but ID needs to be unique, even if system disk is changed. This is what machine-id cannot provide.BTW: My approach to CHMOD product_uuid to 444 fails, because it it obviously rewritten / overwritten at every boot time, ends up in 400 perms again :-( – ddlab Nov 20 '21 at 20:03
  • Finally I got it running. I activated rc-local.service and added this chmod one liner to it. Now I have a product_uuid file with 444 perms after each boot. This satisfies my intentions to identify each machine in the network. Yieha ! Appreciate your help anyway. +1 – ddlab Nov 21 '21 at 18:21
  • You’re welcome! Have you checked the various `asset_tag` files alongside `product_uuid`? They’re world-readable by default and should also contain unique identifiers. – Stephen Kitt Nov 21 '21 at 18:36
  • 1
    Yes I did, but a lot of these entries are showing only "default string", not such useful :-) – ddlab Nov 21 '21 at 18:40