Re: [Openais] [PATCH] Ability to run as ais user

Wed, 01 Apr 2009 10:58:20 -0700 

thanks for the patch!

merging

regards
-steve

On Wed, 2009-04-01 at 11:05 +0200, Jan Friesse wrote:
> Attached patch solves problem with running corosync as ais user.
> 
> Main problem was hidden in reading aisexec section. If this section
> exists in corosync.conf, everything works, but in other cases,
> main_config->uid/gid are initialized to 0 (so only root:root) can run
> corosync.
> 
> Another problem, what this patch fixes is documentation of
> corosync.conf, so now aisexec section is documented (at least user and
> group).
> 
> plain text document attachment (run_as_ais.patch)
> Index: exec/mainconfig.c
> ===================================================================
> --- exec/mainconfig.c (revision 1975)
> +++ exec/mainconfig.c (working copy)
> @@ -352,6 +352,10 @@
>                       main_config->gid = gid_determine(value);
>               } else
>                       main_config->gid = gid_determine("ais");
> +     } else {
> +             /*We don't find object aisexec, but we allow ais user/group to 
> run corosync*/
> +             main_config->uid = uid_determine("ais");
> +             main_config->gid = gid_determine("ais");
>       }
>  
>       objdb->object_find_destroy (object_find_handle);
> Index: man/corosync.conf.5
> ===================================================================
> --- man/corosync.conf.5       (revision 1975)
> +++ man/corosync.conf.5       (working copy)
> @@ -55,6 +55,9 @@
>  .TP
>  event { }
>  This top level directive contains configuration options for the event 
> service.
> +.TP
> +aisexec { }
> +This top level directive contains configuration options for user privilegies.
>  
>  .PP
>  .PP
> @@ -496,6 +499,20 @@
>  
>  The default is none.
>  
> +.PP
> +Within the
> +.B aisexec
> +directive, there are two configuration options which are all optional:
> +.TP
> +user
> +.TP
> +group
> +These specify the user and group, which is able to run and use corosync.
> +In any case, this is able to do root:root. But if you don't want run
> +corosync as root, you can use this directives.
> +
> +The default is ais.
> +
>  .SH "FILES"
>  .TP
>  /etc/corosync.conf
> _______________________________________________
> Openais mailing list
> [email protected]
> https://lists.linux-foundation.org/mailman/listinfo/openais

_______________________________________________
Openais mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/openais

Reply via email to