One thing to look out for with any RPM based installation is sometimes the password file can get locked. /etc/password.lock ..If you you install something the appropriate users are not created. This by chance happened to me once when installing heartbeat. Make sure that is not the case.
On Wed, Jun 18, 2008 at 12:51 PM, Serge Dubrouski <[EMAIL PROTECTED]> wrote: > On Wed, Jun 18, 2008 at 10:45 AM, Dejan Muhamedagic <[EMAIL PROTECTED]> wrote: >> Hi, >> >> On Wed, Jun 18, 2008 at 09:09:15AM -0600, Serge Dubrouski wrote: >>> There was this question already but I don;t recall what was the >>> answer. Heartbeat used to run lrmd, stonithd and some other heartbeat >>> daemons as nobody user. Pacemaker runs them as root. Why is that? >>> Isn't it the downgrade from security point of view? >> >> Both lrmd and stonithd drop privileges themselves. Where did you >> observe that they run as root? BTW, there was a bug in cl_log >> (see LF 1871) which would raise privileges back. That bug has >> been fixed in April this year (cs: fce950f0fcc8). That's >> post-2.1.3. > > Pacemaker: > > > $ ps -ef | grep heartbeat > root 12252 1 0 Jun02 ? 00:00:00 heartbeat: master > control process > root 12255 12252 0 Jun02 ? 00:00:00 heartbeat: FIFO reader > root 12256 12252 0 Jun02 ? 00:00:00 heartbeat: write: mcast eth1 > root 12257 12252 0 Jun02 ? 00:00:00 heartbeat: read: mcast eth1 > root 12258 12252 0 Jun02 ? 00:00:00 heartbeat: write: ping > 192.168.2.1 > root 12259 12252 0 Jun02 ? 00:00:00 heartbeat: read: ping > 192.168.2.1 > root 12262 12252 0 Jun02 ? 00:00:00 > /usr/lib/heartbeat/pingd -m 100 -d 1s > hacluster 12263 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/ccm > hacluster 12264 12252 0 Jun02 ? 00:00:07 /usr/lib/heartbeat/cib > root 12265 12252 0 Jun02 ? 00:00:06 /usr/lib/heartbeat/lrmd -r > root 12266 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/stonithd > hacluster 12267 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/attrd > hacluster 12268 12252 0 Jun02 ? 00:00:00 /usr/lib/heartbeat/crmd > > > > Heartbeat 2.1.3: > $ ps -ef | grep heartbeat > root 19776 1 0 Apr19 ? 00:00:15 heartbeat: master > control process > nobody 19778 19776 0 Apr19 ? 00:00:00 heartbeat: FIFO reader > nobody 19779 19776 0 Apr19 ? 00:00:08 heartbeat: write: mcast eth1 > nobody 19780 19776 0 Apr19 ? 00:01:12 heartbeat: read: mcast eth1 > nobody 19781 19776 0 Apr19 ? 00:05:42 heartbeat: write: ping > 10.1.64.1 > nobody 19782 19776 0 Apr19 ? 00:02:49 heartbeat: read: ping > 10.1.64.1 > root 19785 19776 0 Apr19 ? 00:00:00 > /usr/lib/heartbeat/pingd -m 100 -d 1s > hacluster 19786 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/ccm > hacluster 19787 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/cib > nobody 19788 19776 0 Apr19 ? 00:03:59 /usr/lib/heartbeat/lrmd -r > nobody 19789 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/stonithd > hacluster 19790 19776 0 Apr19 ? 00:00:00 > /usr/lib/heartbeat/attrd > hacluster 19791 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/crmd > root 19792 19776 0 Apr19 ? 00:00:00 /usr/lib/heartbeat/mgmtd -v > >> >> Thanks, >> >> Dejan >> _______________________________________________ >> Linux-HA mailing list >> [email protected] >> http://lists.linux-ha.org/mailman/listinfo/linux-ha >> See also: http://linux-ha.org/ReportingProblems >> > > > > -- > Serge Dubrouski. > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems > _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
