Here is some additional info from the log file:

heartbeat[5555]: 2008/06/18_14:38:16 info: respawn directive: root /usr/lib/heartbeat/lrmd -r
heartbeat[5556]: 2008/06/18_14:38:18 info: Starting child client "/usr/lib/heartbeat/lrmd -r" (0,0)
heartbeat[5569]: 2008/06/18_14:38:18 info: Starting "/usr/lib/heartbeat/lrmd -r" as uid 0 gid 0 (pid 5569)

Why would it start a child process as root?

On Wed, Jun 18, 2008 at 11:26 AM, Edward Capriolo <[EMAIL PROTECTED]> wrote:
> One thing to look out for with any RPM based installation is sometimes
> the password file can get locked. /etc/password.lock. If you
> install something the appropriate users are not created. This by
> chance happened to me once when installing heartbeat. Make sure that
> is not the case.
>
> On Wed, Jun 18, 2008 at 12:51 PM, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
>> On Wed, Jun 18, 2008 at 10:45 AM, Dejan Muhamedagic <[EMAIL PROTECTED]> wrote:
>>> Hi,
>>>
>>> On Wed, Jun 18, 2008 at 09:09:15AM -0600, Serge Dubrouski wrote:
>>>> There was this question already but I don't recall what was the
>>>> answer. Heartbeat used to run lrmd, stonithd and some other heartbeat
>>>> daemons as nobody user. Pacemaker runs them as root. Why is that?
>>>> Isn't it a downgrade from a security point of view?
>>>
>>> Both lrmd and stonithd drop privileges themselves. Where did you
>>> observe that they run as root? BTW, there was a bug in cl_log
>>> (see LF 1871) which would raise privileges back. That bug has
>>> been fixed in April this year (cs: fce950f0fcc8). That's
>>> post-2.1.3.
>>
>> Pacemaker:
>>
>> $ ps -ef | grep heartbeat
>> root      12252     1  0 Jun02 ?  00:00:00 heartbeat: master control process
>> root      12255 12252  0 Jun02 ?  00:00:00 heartbeat: FIFO reader
>> root      12256 12252  0 Jun02 ?  00:00:00 heartbeat: write: mcast eth1
>> root      12257 12252  0 Jun02 ?  00:00:00 heartbeat: read: mcast eth1
>> root      12258 12252  0 Jun02 ?  00:00:00 heartbeat: write: ping 192.168.2.1
>> root      12259 12252  0 Jun02 ?  00:00:00 heartbeat: read: ping 192.168.2.1
>> root      12262 12252  0 Jun02 ?  00:00:00 /usr/lib/heartbeat/pingd -m 100 -d 1s
>> hacluster 12263 12252  0 Jun02 ?  00:00:00 /usr/lib/heartbeat/ccm
>> hacluster 12264 12252  0 Jun02 ?  00:00:07 /usr/lib/heartbeat/cib
>> root      12265 12252  0 Jun02 ?  00:00:06 /usr/lib/heartbeat/lrmd -r
>> root      12266 12252  0 Jun02 ?  00:00:00 /usr/lib/heartbeat/stonithd
>> hacluster 12267 12252  0 Jun02 ?  00:00:00 /usr/lib/heartbeat/attrd
>> hacluster 12268 12252  0 Jun02 ?  00:00:00 /usr/lib/heartbeat/crmd
>>
>> Heartbeat 2.1.3:
>>
>> $ ps -ef | grep heartbeat
>> root      19776     1  0 Apr19 ?  00:00:15 heartbeat: master control process
>> nobody    19778 19776  0 Apr19 ?  00:00:00 heartbeat: FIFO reader
>> nobody    19779 19776  0 Apr19 ?  00:00:08 heartbeat: write: mcast eth1
>> nobody    19780 19776  0 Apr19 ?  00:01:12 heartbeat: read: mcast eth1
>> nobody    19781 19776  0 Apr19 ?  00:05:42 heartbeat: write: ping 10.1.64.1
>> nobody    19782 19776  0 Apr19 ?  00:02:49 heartbeat: read: ping 10.1.64.1
>> root      19785 19776  0 Apr19 ?  00:00:00 /usr/lib/heartbeat/pingd -m 100 -d 1s
>> hacluster 19786 19776  0 Apr19 ?  00:00:00 /usr/lib/heartbeat/ccm
>> hacluster 19787 19776  0 Apr19 ?  00:00:00 /usr/lib/heartbeat/cib
>> nobody    19788 19776  0 Apr19 ?  00:03:59 /usr/lib/heartbeat/lrmd -r
>> nobody    19789 19776  0 Apr19 ?  00:00:00 /usr/lib/heartbeat/stonithd
>> hacluster 19790 19776  0 Apr19 ?  00:00:00 /usr/lib/heartbeat/attrd
>> hacluster 19791 19776  0 Apr19 ?  00:00:00 /usr/lib/heartbeat/crmd
>> root      19792 19776  0 Apr19 ?  00:00:00 /usr/lib/heartbeat/mgmtd -v
>>
>>>
>>> Thanks,
>>>
>>> Dejan
>>> _______________________________________________
>>> Linux-HA mailing list
>>> [email protected]
>>> http://lists.linux-ha.org/mailman/listinfo/linux-ha
>>> See also: http://linux-ha.org/ReportingProblems
>>>
>>
>> --
>> Serge Dubrouski.
>

--
Serge Dubrouski.
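
Added example, not part of the thread and not heartbeat or Pacemaker code: ps -ef shows only each daemon's effective user, while the Uid: line of /proc/<pid>/status also gives the real and saved UIDs, which separates a permanent drop from one that a later seteuid(0) could undo. The function names are hypothetical, the status text is constructed, and UID 65534 standing in for "nobody" is an assumption.

```sh
#!/bin/sh
# Added example: classify heartbeat daemons by how far they dropped root.
# Input is the Linux /proc/<pid>/status format, whose "Uid:" line lists the
# real, effective, saved-set and filesystem UIDs in that order.
# Capabilities are not examined here.

# classify_uids REAL EFFECTIVE SAVED -> prints root | regainable | dropped
classify_uids() {
    if [ "$2" -eq 0 ]; then
        echo root            # still running with effective UID 0
    elif [ "$1" -eq 0 ] || [ "$3" -eq 0 ]; then
        echo regainable      # ps shows a non-root user, but seteuid(0) still succeeds
    else
        echo dropped         # no UID 0 left to switch back to
    fi
}

# audit_status: read one status file on stdin, print "<name> <verdict>".
audit_status() {
    awk '/^Name:/ { n = $2 } /^Uid:/ { print n, $2, $3, $4 }' |
    while read -r name ruid euid suid; do
        echo "$name $(classify_uids "$ruid" "$euid" "$suid")"
    done
}

# audit_live: run the check on every process started from /usr/lib/heartbeat/.
audit_live() {
    for pid in $(pgrep -f '^/usr/lib/heartbeat/'); do
        if [ -r "/proc/$pid/status" ]; then
            audit_status < "/proc/$pid/status"
        fi
    done
}

# sample_status NAME REAL EFFECTIVE SAVED: constructed status text for the demo.
sample_status() {
    printf 'Name:\t%s\nState:\tS (sleeping)\nUid:\t%s\t%s\t%s\t%s\n' \
        "$1" "$2" "$3" "$4" "$3"
}

# Constructed cases; 65534 stands in for "nobody" (an assumption).
sample_status lrmd 0 0 0 | audit_status               # lrmd root
sample_status lrmd 0 65534 0 | audit_status           # lrmd regainable
sample_status lrmd 65534 65534 65534 | audit_status   # lrmd dropped
```

On a cluster node, call audit_live as root to get one verdict line per daemon.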
