I already merged your previous patch. Can you rework the defines into a
new patch? Thanks!
Regards
-steve
On Wed, 2009-04-01 at 12:30 +0200, Jan Friesse wrote:
> Attached is patch with included suggested changes.
>
> Thanks Jim.
>
> Jim Meyering wrote:
> > Jan Friesse wrote:
> >> Attached patch solves problem with running corosync as ais user.
> >>
> >> Main problem was hidden in reading aisexec section. If this section
> >> exists in corosync.conf, everything works, but in other cases,
> >> main_config->uid/gid are initialized to 0 (so only root:root) can run
> >> corosync.
> >>
> >> Another problem, what this patch fixes is documentation of
> >> corosync.conf, so now aisexec section is documented (at least user and
> >> group).
> >>
> >> Index: exec/mainconfig.c
> >> ===================================================================
> >> --- exec/mainconfig.c (revision 1975)
> >> +++ exec/mainconfig.c (working copy)
> >> @@ -352,6 +352,10 @@
> >> main_config->gid = gid_determine(value);
> >> } else
> >> main_config->gid = gid_determine("ais");
> >> + } else {
> >> + /*We don't find object aisexec, but we allow ais user/group to
> >> run corosync*/
> >> + main_config->uid = uid_determine("ais");
> >> + main_config->gid = gid_determine("ais");
> >
> > Those two added uses of "ais" bring the total to 4.
> > Maybe factor them out into e.g., this?
> >
> > #define DEFAULT_AIS_USER_NAME "ais"
> > #define DEFAULT_AIS_GROUP_NAME "ais"
> >
> >
> >> Index: man/corosync.conf.5
> >> ===================================================================
> >> --- man/corosync.conf.5 (revision 1975)
> >> +++ man/corosync.conf.5 (working copy)
> >> @@ -55,6 +55,9 @@
> >> .TP
> >> event { }
> >> This top level directive contains configuration options for the event
> >> service.
> >> +.TP
> >> +aisexec { }
> >> +This top level directive contains configuration options for user
> >> privilegies.
> >
> > s/ies/es/
> >
> >> .PP
> >> .PP
> >> @@ -496,6 +499,20 @@
> >>
> >> The default is none.
> >>
> >> +.PP
> >> +Within the
> >> +.B aisexec
> >> +directive, there are two configuration options which are all optional:
> >> +.TP
> >> +user
> >> +.TP
> >> +group
> >> +These specify the user and group, which is able to run and use corosync.
> >> +In any case, this is able to do root:root. But if you don't want run
> >
> > s/run/to run/
> >
> >> +corosync as root, you can use this directives.
> >
> > s/this/these/
> >
> >> +
> >> +The default is ais.
> >> +
> >> .SH "FILES"
> >> .TP
> >> /etc/corosync.conf
> >> _______________________________________________
> >> Openais mailing list
> >> [email protected]
> >> https://lists.linux-foundation.org/mailman/listinfo/openais
>
> plain text document attachment (run_as_ais.patch)
> Index: exec/mainconfig.c
> ===================================================================
> --- exec/mainconfig.c (revision 1975)
> +++ exec/mainconfig.c (working copy)
> @@ -346,12 +346,16 @@
> if (!objdb_get_string (objdb,object_service_handle, "user",
> &value)) {
> main_config->uid = uid_determine(value);
> } else
> - main_config->uid = uid_determine("ais");
> + main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
>
> if (!objdb_get_string (objdb,object_service_handle, "group",
> &value)) {
> main_config->gid = gid_determine(value);
> } else
> - main_config->gid = gid_determine("ais");
> + main_config->gid =
> gid_determine(DEFAULT_AIS_GROUP_NAME);
> + } else {
> + /*We don't find object aisexec, but we allow ais user/group to
> run corosync*/
> + main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
> + main_config->gid = gid_determine(DEFAULT_AIS_GROUP_NAME);
> }
>
> objdb->object_find_destroy (object_find_handle);
> Index: exec/mainconfig.h
> ===================================================================
> --- exec/mainconfig.h (revision 1975)
> +++ exec/mainconfig.h (working copy)
> @@ -49,6 +49,9 @@
> };
> #define MAX_DYNAMIC_SERVICES 128
>
> +#define DEFAULT_AIS_USER_NAME "ais"
> +#define DEFAULT_AIS_GROUP_NAME "ais"
> +
> struct main_config {
> /*
> * logging configuration
> Index: man/corosync.conf.5
> ===================================================================
> --- man/corosync.conf.5 (revision 1975)
> +++ man/corosync.conf.5 (working copy)
> @@ -55,6 +55,9 @@
> .TP
> event { }
> This top level directive contains configuration options for the event
> service.
> +.TP
> +aisexec { }
> +This top level directive contains configuration options for user privileges.
>
> .PP
> .PP
> @@ -496,6 +499,20 @@
>
> The default is none.
>
> +.PP
> +Within the
> +.B aisexec
> +directive, there are two configuration options which are all optional:
> +.TP
> +user
> +.TP
> +group
> +These specify the user and group, which is able to run and use corosync.
> +In any case, this is able to do root:root. But if you don't want to run
> +corosync as root, you can use these directives.
> +
> +The default is ais.
> +
> .SH "FILES"
> .TP
> /etc/corosync.conf
> _______________________________________________
> Openais mailing list
> [email protected]
> https://lists.linux-foundation.org/mailman/listinfo/openais
_______________________________________________
Openais mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/openais
