Attached is the patch with the suggested changes included.
Thanks Jim.
Jim Meyering wrote:
> Jan Friesse wrote:
>> Attached patch solves problem with running corosync as ais user.
>>
>> The main problem was hidden in the reading of the aisexec section. If this
>> section exists in corosync.conf, everything works, but otherwise
>> main_config->uid/gid are initialized to 0 (so only root:root can run
>> corosync).
>>
>> Another problem, what this patch fixes is documentation of
>> corosync.conf, so now aisexec section is documented (at least user and
>> group).
>>
>> Index: exec/mainconfig.c
>> ===================================================================
>> --- exec/mainconfig.c (revision 1975)
>> +++ exec/mainconfig.c (working copy)
>> @@ -352,6 +352,10 @@
>> main_config->gid = gid_determine(value);
>> } else
>> main_config->gid = gid_determine("ais");
>> + } else {
>> + /*We don't find object aisexec, but we allow ais user/group to
>> run corosync*/
>> + main_config->uid = uid_determine("ais");
>> + main_config->gid = gid_determine("ais");
>
> Those two added uses of "ais" bring the total to 4.
> Maybe factor them out into e.g., this?
>
> #define DEFAULT_AIS_USER_NAME "ais"
> #define DEFAULT_AIS_GROUP_NAME "ais"
>
>
>> Index: man/corosync.conf.5
>> ===================================================================
>> --- man/corosync.conf.5 (revision 1975)
>> +++ man/corosync.conf.5 (working copy)
>> @@ -55,6 +55,9 @@
>> .TP
>> event { }
>> This top level directive contains configuration options for the event
>> service.
>> +.TP
>> +aisexec { }
>> +This top level directive contains configuration options for user
>> privilegies.
>
> s/ies/es/
>
>> .PP
>> .PP
>> @@ -496,6 +499,20 @@
>>
>> The default is none.
>>
>> +.PP
>> +Within the
>> +.B aisexec
>> +directive, there are two configuration options which are all optional:
>> +.TP
>> +user
>> +.TP
>> +group
>> +These specify the user and group, which is able to run and use corosync.
>> +In any case, this is able to do root:root. But if you don't want run
>
> s/run/to run/
>
>> +corosync as root, you can use this directives.
>
> s/this/these/
>
>> +
>> +The default is ais.
>> +
>> .SH "FILES"
>> .TP
>> /etc/corosync.conf
Index: exec/mainconfig.c
===================================================================
--- exec/mainconfig.c (revision 1975)
+++ exec/mainconfig.c (working copy)
@@ -346,12 +346,16 @@
if (!objdb_get_string (objdb,object_service_handle, "user",
&value)) {
main_config->uid = uid_determine(value);
} else
- main_config->uid = uid_determine("ais");
+ main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
if (!objdb_get_string (objdb,object_service_handle, "group",
&value)) {
main_config->gid = gid_determine(value);
} else
- main_config->gid = gid_determine("ais");
+ main_config->gid =
gid_determine(DEFAULT_AIS_GROUP_NAME);
+ } else {
+ /*We don't find object aisexec, but we allow ais user/group to
run corosync*/
+ main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
+ main_config->gid = gid_determine(DEFAULT_AIS_GROUP_NAME);
}
objdb->object_find_destroy (object_find_handle);
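Review bot: The new `else` branch resolves the default names through `uid_determine()` and `gid_determine()`, and nothing visible in the hunk covers a host that has no `ais` account. Both helpers are defined outside the hunk, so it cannot be confirmed here whether a failed lookup stops startup or hands back some id; since these values decide which non-root account may run and use corosync, a failed lookup should be reported with the missing account name rather than mapped to a uid/gid. The fallback assignments now appear in three places, so setting `main_config->uid`/`gid` to the defaults once before the aisexec lookup and overriding them only when `user`/`group` are present would keep the default path in one spot. I would also reword the comment to `/* No aisexec section: fall back to the default ais user/group. */`. The enclosing function starts and ends outside the hunk.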
Index: exec/mainconfig.h
===================================================================
--- exec/mainconfig.h (revision 1975)
+++ exec/mainconfig.h (working copy)
@@ -49,6 +49,9 @@
};
#define MAX_DYNAMIC_SERVICES 128
+#define DEFAULT_AIS_USER_NAME "ais"
+#define DEFAULT_AIS_GROUP_NAME "ais"
+
struct main_config {
/*
* logging configuration
Index: man/corosync.conf.5
===================================================================
--- man/corosync.conf.5 (revision 1975)
+++ man/corosync.conf.5 (working copy)
@@ -55,6 +55,9 @@
.TP
event { }
This top level directive contains configuration options for the event service.
+.TP
+aisexec { }
+This top level directive contains configuration options for user privileges.
.PP
.PP
@@ -496,6 +499,20 @@
The default is none.
+.PP
+Within the
+.B aisexec
+directive, there are two configuration options which are all optional:
+.TP
+user
+.TP
+group
+These specify the user and group, which is able to run and use corosync.
+In any case, this is able to do root:root. But if you don't want to run
+corosync as root, you can use these directives.
+
+The default is ais.
+
.SH "FILES"
.TP
/etc/corosync.conf