On Wed, Jun 18, 2008 at 02:48:15PM -0600, Serge Dubrouski wrote:
> So I digged little bit more and here is what I found:
>
> lib/clpluming/uids.c file has the following code:
>
> #if defined(HAVE_SETEUID) && defined(HAVE_SETEGID) && \
> defined(_POSIX_SAVED_IDS)
> # define CAN_DROP_PRIVS 1
>
> #endif
>
>
> #ifndef CAN_DROP_PRIVS
> int drop_privs(uid_t uid, gid_t gid) { return 0; }
> int return_to_orig_privs(void) { return 0; }
> int return_to_dropped_privs(void) { return 0; }
> int cl_have_full_privs(void) { return 0; }
> #else
>
> In the old Heartebeat packaging HAVE_SETEUID and HAVE_SETEGID where
> defined in include/config.h. In the new packaging that file does not
> exist.
Hmm, I don't think that that file is packaged. It's just created
during the configuration phase by configure for the build stage.
> So drop_privs defaults into "return 0;" and those daemons never
> switch to "nobody" user. Any ideas on this change?
That should depend on the configuration phase on the build host.
> Sources for new Heartbeat were taken from here:
> http://download.opensuse.org/repositories/server:/ha-clustering/Fedora_6/src/
>
> On Wed, Jun 18, 2008 at 1:01 PM, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
> > On Wed, Jun 18, 2008 at 12:55 PM, Andrew Beekhof <[EMAIL PROTECTED]> wrote:
> >> On Wed, Jun 18, 2008 at 18:51, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
> >>> On Wed, Jun 18, 2008 at 10:45 AM, Dejan Muhamedagic <[EMAIL PROTECTED]>
> >>> wrote:
> >>>> Hi,
> >>>>
> >>>> On Wed, Jun 18, 2008 at 09:09:15AM -0600, Serge Dubrouski wrote:
> >>>>> There was this question already but I don;t recall what was the
> >>>>> answer. Heartbeat used to run lrmd, stonithd and some other heartbeat
> >>>>> daemons as nobody user. Pacemaker runs them as root.
> >>
> >> Actually Pacemaker doesn't ever run them as root.
> >> I can say this quite confidently since these daemons are spawned by
> >> Heartbeat not Pacemaker :-)
> >
> > I know that. The reason why I said Pacemaker is just it started to
> > happen after switching form old packaging to the new one.
> >
> >>
> >> Whatever the change causing the behavior you're seeing, its not in the
> >> Pacemaker code.
> >
> > Then something has changed in the way how heartbeat/heartbeat-common
> > packages get installed on the system. It looks like Alan doesn't
> > support those packages anymore so I ask here.
> >
> >> _______________________________________________
> >> Linux-HA mailing list
> >> [email protected]
> >> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> >> See also: http://linux-ha.org/ReportingProblems
> >>
> >
> >
> >
> > --
> > Serge Dubrouski.
> >
>
>
>
> --
> Serge Dubrouski.
> _______________________________________________
> Linux-HA mailing list
> [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
