Attached is the patch with the suggested changes included.

Thanks Jim.

Jim Meyering wrote:
> Jan Friesse wrote:
>> Attached patch solves problem with running corosync as ais user.
>>
>> The main problem was hidden in the reading of the aisexec section. If this
>> section exists in corosync.conf, everything works, but in other cases
>> main_config->uid/gid are initialized to 0 (so only root:root can run
>> corosync).
>>
>> Another problem, what this patch fixes is documentation of
>> corosync.conf, so now aisexec section is documented (at least user and
>> group).
>>
>> Index: exec/mainconfig.c
>> ===================================================================
>> --- exec/mainconfig.c        (revision 1975)
>> +++ exec/mainconfig.c        (working copy)
>> @@ -352,6 +352,10 @@
>>                      main_config->gid = gid_determine(value);
>>              } else
>>                      main_config->gid = gid_determine("ais");
>> +    } else {
>> +            /*We don't find object aisexec, but we allow ais user/group to 
>> run corosync*/
>> +            main_config->uid = uid_determine("ais");
>> +            main_config->gid = gid_determine("ais");
> 
> Those two added uses of "ais" bring the total to 4.
> Maybe factor them out into e.g., this?
> 
>   #define DEFAULT_AIS_USER_NAME "ais"
>   #define DEFAULT_AIS_GROUP_NAME "ais"
> 
> 
>> Index: man/corosync.conf.5
>> ===================================================================
>> --- man/corosync.conf.5      (revision 1975)
>> +++ man/corosync.conf.5      (working copy)
>> @@ -55,6 +55,9 @@
>>  .TP
>>  event { }
>>  This top level directive contains configuration options for the event 
>> service.
>> +.TP
>> +aisexec { }
>> +This top level directive contains configuration options for user 
>> privilegies.
> 
> s/ies/es/
> 
>>  .PP
>>  .PP
>> @@ -496,6 +499,20 @@
>>
>>  The default is none.
>>
>> +.PP
>> +Within the
>> +.B aisexec
>> +directive, there are two configuration options which are all optional:
>> +.TP
>> +user
>> +.TP
>> +group
>> +These specify the user and group, which is able to run and use corosync.
>> +In any case, this is able to do root:root. But if you don't want run
> 
> s/run/to run/
> 
>> +corosync as root, you can use this directives.
> 
> s/this/these/
> 
>> +
>> +The default is ais.
>> +
>>  .SH "FILES"
>>  .TP
>>  /etc/corosync.conf

Index: exec/mainconfig.c
===================================================================
--- exec/mainconfig.c   (revision 1975)
+++ exec/mainconfig.c   (working copy)
@@ -346,12 +346,16 @@
                if (!objdb_get_string (objdb,object_service_handle, "user", 
&value)) {
                        main_config->uid = uid_determine(value);
                } else
-                       main_config->uid = uid_determine("ais");
+                       main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
 
                if (!objdb_get_string (objdb,object_service_handle, "group", 
&value)) {
                        main_config->gid = gid_determine(value);
                } else
-                       main_config->gid = gid_determine("ais");
+                       main_config->gid = 
gid_determine(DEFAULT_AIS_GROUP_NAME);
+       } else {
+               /*We don't find object aisexec, but we allow ais user/group to 
run corosync*/
+               main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
+               main_config->gid = gid_determine(DEFAULT_AIS_GROUP_NAME);
        }
 
        objdb->object_find_destroy (object_find_handle);
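Review bot: The new `else` branch stores `uid_determine(DEFAULT_AIS_USER_NAME)` and `gid_determine(DEFAULT_AIS_GROUP_NAME)` with no visible handling for a host that has no `ais` account. Neither helper is shown, so this depends on what they do on a failed lookup: if they abort, a corosync.conf without an `aisexec` section would now fail to start where it previously fell back to root-only, and if they return a sentinel, that value becomes the authorized uid/gid. The branch also changes the no-section default from root-only to root plus `ais`, so the comment should say so, e.g. `/* No aisexec section: authorize the default ais user/group in addition to root */`, assuming root stays allowed as the man page text states. The `if` this `else` belongs to starts outside the hunk.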
Index: exec/mainconfig.h
===================================================================
--- exec/mainconfig.h   (revision 1975)
+++ exec/mainconfig.h   (working copy)
@@ -49,6 +49,9 @@
 };
 #define MAX_DYNAMIC_SERVICES 128
 
+#define DEFAULT_AIS_USER_NAME "ais"
+#define DEFAULT_AIS_GROUP_NAME "ais"
+
 struct main_config {
        /*
         * logging configuration
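Review bot: `DEFAULT_AIS_USER_NAME` and `DEFAULT_AIS_GROUP_NAME` are added without a comment, although they decide which non-root account is authorized when corosync.conf gives no `user`/`group`. A one-line comment above them would make that clear, e.g. `/* Account and group authorized to run corosync when the aisexec section or its user/group keys are absent */`. The `struct main_config` definition continues outside the hunk.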
Index: man/corosync.conf.5
===================================================================
--- man/corosync.conf.5 (revision 1975)
+++ man/corosync.conf.5 (working copy)
@@ -55,6 +55,9 @@
 .TP
 event { }
 This top level directive contains configuration options for the event service.
+.TP
+aisexec { }
+This top level directive contains configuration options for user privileges.
 
 .PP
 .PP
@@ -496,6 +499,20 @@
 
 The default is none.
 
+.PP
+Within the
+.B aisexec
+directive, there are two configuration options which are all optional:
+.TP
+user
+.TP
+group
+These specify the user and group, which is able to run and use corosync.
+In any case, this is able to do root:root. But if you don't want to run
+corosync as root, you can use these directives.
+
+The default is ais.
+
 .SH "FILES"
 .TP
 /etc/corosync.conf