On Wed, Jun 18, 2008 at 10:45 AM, Dejan Muhamedagic <[EMAIL PROTECTED]> wrote:
> Hi,
>
> On Wed, Jun 18, 2008 at 09:09:15AM -0600, Serge Dubrouski wrote:
>> There was this question already but I don't recall what was the
>> answer. Heartbeat used to run lrmd, stonithd and some other heartbeat
>> daemons as nobody user. Pacemaker runs them as root. Why is that?
>> Isn't it the downgrade from security point of view?
>
> Both lrmd and stonithd drop privileges themselves. Where did you
> observe that they run as root? BTW, there was a bug in cl_log
> (see LF 1871) which would raise privileges back. That bug has
> been fixed in April this year (cs: fce950f0fcc8). That's
> post-2.1.3.

Pacemaker:

$ ps -ef | grep heartbeat
root 12252 1 0 Jun02 ? 00:00:00 heartbeat: master control process
root 12255 12252 0 Jun02 ? 00:00:00 heartbeat: FIFO reader
root 12256 12252 0 Jun02 ? 00:00:00 heartbeat: write: mcast eth1
root 12257 12252 0 Jun02 ? 00:00:00 heartbeat: read: mcast eth1
root 12258 12252 0 Jun02 ? 00:00:00 heartbeat: write: ping 192.168.2.1
root 12259 12252 0 Jun02 ? 00:00:00 heartbeat: read: ping 192.168.2.1
root 12262 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/pingd -m 100 -d 1s
hacluster 12263 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/ccm
hacluster 12264 12252 0 Jun02 ? 00:00:07 /usr/lib/heartbeat/cib
root 12265 12252 0 Jun02 ? 00:00:06 /usr/lib/heartbeat/lrmd -r
root 12266 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/stonithd
hacluster 12267 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/attrd
hacluster 12268 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/crmd

Heartbeat 2.1.3:

$ ps -ef | grep heartbeat
root 19776 1 0 Apr19 ? 00:00:15 heartbeat: master control process
nobody 19778 19776 0 Apr19 ? 00:00:00 heartbeat: FIFO reader
nobody 19779 19776 0 Apr19 ? 00:00:08 heartbeat: write: mcast eth1
nobody 19780 19776 0 Apr19 ? 00:01:12 heartbeat: read: mcast eth1
nobody 19781 19776 0 Apr19 ? 00:05:42 heartbeat: write: ping 10.1.64.1
nobody 19782 19776 0 Apr19 ? 00:02:49 heartbeat: read: ping 10.1.64.1
root 19785 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/pingd -m 100 -d 1s
hacluster 19786 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/ccm
hacluster 19787 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/cib
nobody 19788 19776 0 Apr19 ? 00:03:59 /usr/lib/heartbeat/lrmd -r
nobody 19789 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/stonithd
hacluster 19790 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/attrd
hacluster 19791 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/crmd
root 19792 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/mgmtd -v

> Thanks,
>
> Dejan
> _______________________________________________
> Linux-HA mailing list
> [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
>

--
Serge Dubrouski.
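
Added example (not part of the original message and not Linux-HA project code): `ps -ef` as used in the thread shows only the effective user, so this script reads the real, effective and saved users and flags lrmd/stonithd processes that still run as root or that could switch back to root. The watched daemon list, the function names and the sample process lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Input: output of  ps -eo pid,ruser,euser,suser,args
# (real, effective and saved user; `ps -ef` shows only the effective one).

# Daemons expected to be unprivileged. Assumption: taken from the
# Heartbeat 2.1.3 listing in the thread; adjust for your installation.
WATCHED="lrmd stonithd"

# audit_ids: read ps lines on stdin, print "<pid> <daemon> <verdict>".
audit_ids() {
    awk -v watched="$WATCHED" '
    BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    $1 == "PID" { next }                     # skip the ps header row
    {
        # args starts at field 5; keep only the basename of the executable
        k = split($5, parts, "/"); name = parts[k]
        if (!(name in want)) next
        if ($3 == "root")
            verdict = "RUNS_AS_ROOT"         # effective user is root
        else if ($2 == "root" || $4 == "root")
            verdict = "CAN_REGAIN_ROOT"      # real or saved user still root
        else
            verdict = "DROPPED"              # no root identity left
        print $1, name, verdict
    }'
}

# Constructed sample input (not captured from a real cluster node).
sample_ps() {
    cat <<'EOF'
  PID RUSER     EUSER     SUSER     COMMAND
12264 hacluster hacluster hacluster /usr/lib/heartbeat/cib
12265 root      root      root      /usr/lib/heartbeat/lrmd -r
12266 nobody    nobody    root      /usr/lib/heartbeat/stonithd
19788 nobody    nobody    nobody    /usr/lib/heartbeat/lrmd -r
EOF
}

# Audit the constructed sample; on a live node use instead:
#   ps -eo pid,ruser,euser,suser,args | audit_ids
sample_ps | audit_ids
```

A CAN_REGAIN_ROOT verdict means the process changed only its effective user, so a later seteuid(0) would succeed; DROPPED requires all three identities to be non-root.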
