Re: [Openais] [PATCH] Ability to run as ais user

Thu, 02 Apr 2009 03:35:33 -0700 

Steven,
patch attached.

Regards,
  Honza

Steven Dake wrote:
> I already merged your previous patch.  Can you rework the defines into a
> new patch?  Thanks!
> 
> Regards
> -steve
> 
> On Wed, 2009-04-01 at 12:30 +0200, Jan Friesse wrote:
>> Attached is patch with included suggested changes.
>>
>> Thanks Jim.
>>
>> Jim Meyering wrote:
>>> Jan Friesse wrote:
>>>> Attached patch solves problem with running corosync as ais user.
>>>>
>>>> Main problem was hidden in reading aisexec section. If this section
>>>> exists in corosync.conf, everything works, but in other cases,
>>>> main_config->uid/gid are initialized to 0 (so only root:root) can run
>>>> corosync.
>>>>
>>>> Another problem, what this patch fixes is documentation of
>>>> corosync.conf, so now aisexec section is documented (at least user and
>>>> group).
>>>>
>>>> Index: exec/mainconfig.c
>>>> ===================================================================
>>>> --- exec/mainconfig.c      (revision 1975)
>>>> +++ exec/mainconfig.c      (working copy)
>>>> @@ -352,6 +352,10 @@
>>>>                    main_config->gid = gid_determine(value);
>>>>            } else
>>>>                    main_config->gid = gid_determine("ais");
>>>> +  } else {
>>>> +          /*We don't find object aisexec, but we allow ais user/group to 
>>>> run corosync*/
>>>> +          main_config->uid = uid_determine("ais");
>>>> +          main_config->gid = gid_determine("ais");
>>> Those two added uses of "ais" bring the total to 4.
>>> Maybe factor them out into e.g., this?
>>>
>>>   #define DEFAULT_AIS_USER_NAME "ais"
>>>   #define DEFAULT_AIS_GROUP_NAME "ais"
>>>
>>>
>>>> Index: man/corosync.conf.5
>>>> ===================================================================
>>>> --- man/corosync.conf.5    (revision 1975)
>>>> +++ man/corosync.conf.5    (working copy)
>>>> @@ -55,6 +55,9 @@
>>>>  .TP
>>>>  event { }
>>>>  This top level directive contains configuration options for the event 
>>>> service.
>>>> +.TP
>>>> +aisexec { }
>>>> +This top level directive contains configuration options for user 
>>>> privilegies.
>>> s/ies/es/
>>>
>>>>  .PP
>>>>  .PP
>>>> @@ -496,6 +499,20 @@
>>>>
>>>>  The default is none.
>>>>
>>>> +.PP
>>>> +Within the
>>>> +.B aisexec
>>>> +directive, there are two configuration options which are all optional:
>>>> +.TP
>>>> +user
>>>> +.TP
>>>> +group
>>>> +These specify the user and group, which is able to run and use corosync.
>>>> +In any case, this is able to do root:root. But if you don't want run
>>> s/run/to run/
>>>
>>>> +corosync as root, you can use this directives.
>>> s/this/these/
>>>
>>>> +
>>>> +The default is ais.
>>>> +
>>>>  .SH "FILES"
>>>>  .TP
>>>>  /etc/corosync.conf
>>>> _______________________________________________
>>>> Openais mailing list
>>>> Openais@lists.linux-foundation.org
>>>> https://lists.linux-foundation.org/mailman/listinfo/openais
>> plain text document attachment (run_as_ais.patch)
>> Index: exec/mainconfig.c
>> ===================================================================
>> --- exec/mainconfig.c        (revision 1975)
>> +++ exec/mainconfig.c        (working copy)
>> @@ -346,12 +346,16 @@
>>              if (!objdb_get_string (objdb,object_service_handle, "user", 
>> &value)) {
>>                      main_config->uid = uid_determine(value);
>>              } else
>> -                    main_config->uid = uid_determine("ais");
>> +                    main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
>>  
>>              if (!objdb_get_string (objdb,object_service_handle, "group", 
>> &value)) {
>>                      main_config->gid = gid_determine(value);
>>              } else
>> -                    main_config->gid = gid_determine("ais");
>> +                    main_config->gid = 
>> gid_determine(DEFAULT_AIS_GROUP_NAME);
>> +    } else {
>> +            /*We don't find object aisexec, but we allow ais user/group to 
>> run corosync*/
>> +            main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
>> +            main_config->gid = gid_determine(DEFAULT_AIS_GROUP_NAME);
>>      }
>>  
>>      objdb->object_find_destroy (object_find_handle);
>> Index: exec/mainconfig.h
>> ===================================================================
>> --- exec/mainconfig.h        (revision 1975)
>> +++ exec/mainconfig.h        (working copy)
>> @@ -49,6 +49,9 @@
>>  };
>>  #define MAX_DYNAMIC_SERVICES 128
>>  
>> +#define DEFAULT_AIS_USER_NAME "ais"
>> +#define DEFAULT_AIS_GROUP_NAME "ais"
>> +
>>  struct main_config {
>>      /*
>>       * logging configuration
>> Index: man/corosync.conf.5
>> ===================================================================
>> --- man/corosync.conf.5      (revision 1975)
>> +++ man/corosync.conf.5      (working copy)
>> @@ -55,6 +55,9 @@
>>  .TP
>>  event { }
>>  This top level directive contains configuration options for the event 
>> service.
>> +.TP
>> +aisexec { }
>> +This top level directive contains configuration options for user privileges.
>>  
>>  .PP
>>  .PP
>> @@ -496,6 +499,20 @@
>>  
>>  The default is none.
>>  
>> +.PP
>> +Within the
>> +.B aisexec
>> +directive, there are two configuration options which are all optional:
>> +.TP
>> +user
>> +.TP
>> +group
>> +These specify the user and group, which is able to run and use corosync.
>> +In any case, this is able to do root:root. But if you don't want to run
>> +corosync as root, you can use these directives.
>> +
>> +The default is ais.
>> +
>>  .SH "FILES"
>>  .TP
>>  /etc/corosync.conf
>> _______________________________________________
>> Openais mailing list
>> Openais@lists.linux-foundation.org
>> https://lists.linux-foundation.org/mailman/listinfo/openais
> 


Index: exec/mainconfig.c
===================================================================
--- exec/mainconfig.c	(revision 1989)
+++ exec/mainconfig.c	(working copy)
@@ -433,8 +433,8 @@
 		strlen ("aisexec"),
 		&object_find_handle);
 
-	main_config->uid = uid_determine("ais");
-	main_config->gid = gid_determine("ais");
+	main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
+	main_config->gid = gid_determine(DEFAULT_AIS_GROUP_NAME);
 
 	if (objdb->object_find_next (
 		object_find_handle,
Index: exec/mainconfig.h
===================================================================
--- exec/mainconfig.h	(revision 1989)
+++ exec/mainconfig.h	(working copy)
@@ -49,6 +49,9 @@
 };
 #define MAX_DYNAMIC_SERVICES 128
 
+#define DEFAULT_AIS_USER_NAME "ais"
+#define DEFAULT_AIS_GROUP_NAME "ais"
+
 struct main_config {
 	/*
 	 * logging configuration
Index: man/corosync.conf.5
===================================================================
--- man/corosync.conf.5	(revision 1989)
+++ man/corosync.conf.5	(working copy)
@@ -57,7 +57,7 @@
 This top level directive contains configuration options for the event service.
 .TP
 aisexec { }
-This top level directive contains configuration options for user privilegies.
+This top level directive contains configuration options for user privileges.
 
 .PP
 .PP
@@ -514,10 +514,10 @@
 .TP
 group
 These specify the user and group, which is able to run and use corosync.
-In any case, this is able to do root:root. But if you don't want run
-corosync as root, you can use this directives.
+In any case, this is able to do root:root. But if you don't want to run
+corosync as root, you can use these directives.
 
-The default is ais.
+The default for each is ais.
 
 .SH "FILES"
 .TP

_______________________________________________
Openais mailing list
Openais@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/openais

Reply via email to