On Wed, Jun 18, 2008 at 22:50, Serge Dubrouski <[EMAIL PROTECTED]> wrote: > On Wed, Jun 18, 2008 at 2:47 PM, Andrew Beekhof <[EMAIL PROTECTED]> wrote: >> On Wed, Jun 18, 2008 at 20:43, Serge Dubrouski <[EMAIL PROTECTED]> wrote: >>> Here is some additional info from the log file: >>> >>> heartbeat[5555]: 2008/06/18_14:38:16 info: respawn directive: root >>> /usr/lib/heartbeat/lrmd -r >>> heartbeat[5556]: 2008/06/18_14:38:18 info: Starting child client >>> "/usr/lib/heartbeat/lrmd -r" (0,0) >>> heartbeat[5569]: 2008/06/18_14:38:18 info: Starting >>> "/usr/lib/heartbeat/lrmd -r" as uid 0 gid 0 (pid 5569) >>> >>> Why would it start a child process as root? >> >> particularly for the lrmd - it must be run as root in order to be able >> to run the RAs. > > On old systems it drops own privileges to "nobody" and still can > control all those things, don;t know how.
I think it asks for root privs back (return_to_orig_privs() ), spawns the RA process and drops them again. But as you pointed out, that only works if CAN_DROP_PRIVS is defined/working. _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
