On Wed, Jun 18, 2008 at 10:56:22PM +0200, Andrew Beekhof wrote:
> On Wed, Jun 18, 2008 at 22:50, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
> > On Wed, Jun 18, 2008 at 2:47 PM, Andrew Beekhof <[EMAIL PROTECTED]> wrote:
> >> On Wed, Jun 18, 2008 at 20:43, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
> >>> Here is some additional info from the log file:
> >>>
> >>> heartbeat[5555]: 2008/06/18_14:38:16 info: respawn directive: root
> >>> /usr/lib/heartbeat/lrmd -r
> >>> heartbeat[5556]: 2008/06/18_14:38:18 info: Starting child client
> >>> "/usr/lib/heartbeat/lrmd -r" (0,0)
> >>> heartbeat[5569]: 2008/06/18_14:38:18 info: Starting
> >>> "/usr/lib/heartbeat/lrmd -r" as uid 0 gid 0 (pid 5569)
> >>>
> >>> Why would it start a child process as root?
> >>
> >> particularly for the lrmd - it must be run as root in order to be able
> >> to run the RAs.
> >
> > On old systems it drops own privileges to "nobody" and still can
> > control all those things, don't know how.
>
> I think it asks for root privs back (return_to_orig_privs() ), spawns
> the RA process and drops them again.

Right. It runs all the time as user nobody, then raises privileges when
it's about to fork/exec a resource agent.

> But as you pointed out, that only works if CAN_DROP_PRIVS is defined/working.

I guess that this is the culprit.

> _______________________________________________
> Linux-HA mailing list
> [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
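
The pattern described in this thread (run unprivileged, raise privileges only around the fork/exec, then drop again), shown as an added example that is not part of the original messages and is not heartbeat's code. The helper names and the use of uid/gid 65534 for "nobody" are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper names for this example, not heartbeat's own. */
static uid_t orig_uid, low_uid;
static gid_t orig_gid, low_gid;

/* Temporary drop: only the effective IDs change; the saved IDs keep the
 * original identity. Group first, while we may still change it. */
int priv_drop(void)
{
    if (setegid(low_gid) != 0 || seteuid(low_uid) != 0) return -1;
    return (geteuid() == low_uid && getegid() == low_gid) ? 0 : -1;
}

/* Raise back to the original identity: user first, then group. */
int priv_raise(void)
{
    if (seteuid(orig_uid) != 0 || setegid(orig_gid) != 0) return -1;
    return (geteuid() == orig_uid && getegid() == orig_gid) ? 0 : -1;
}

/* Remember who we started as, then run with the low identity. */
int priv_init(uid_t low_u, gid_t low_g)
{
    orig_uid = geteuid(); orig_gid = getegid();
    low_uid = low_u; low_gid = low_g;
    return priv_drop();
}

/* Raise, fork, drop again in the parent. Returns 0 if the child ran with
 * the original euid and the parent is back at the low euid. */
int spawn_with_orig_privs(void)
{
    int status = 0;
    pid_t pid;
    if (priv_raise() != 0) return -1;
    pid = fork();
    if (pid == 0)            /* child: a daemon would exec the agent here */
        _exit(geteuid() == orig_uid ? 0 : 1);
    if (priv_drop() != 0 || pid < 0) return -1;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{   /* Assumption: 65534 is "nobody"; without root, "drop" to our own IDs. */
    int root = (geteuid() == 0);
    if (priv_init(root ? 65534 : geteuid(), root ? 65534 : getegid()) != 0) return 1;
    return spawn_with_orig_privs() == 0 ? 0 : 1;
}
```

Because the saved IDs stay at the original identity, this kind of drop narrows the window in which mistakes run as root but can be reversed by the process itself. A process that never needs root again should use a permanent drop with `setuid()`/`setgid()` instead.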
