Steven, patch attached. Regards, Honza
Steven Dake wrote: > I already merged your previous patch. Can you rework the defines into a > new patch? Thanks! > > Regards > -steve > > On Wed, 2009-04-01 at 12:30 +0200, Jan Friesse wrote: >> Attached is patch with included suggested changes. >> >> Thanks Jim. >> >> Jim Meyering wrote: >>> Jan Friesse wrote: >>>> Attached patch solves problem with running corosync as ais user. >>>> >>>> Main problem was hidden in reading aisexec section. If this section >>>> exists in corosync.conf, everything works, but in other cases, >>>> main_config->uid/gid are initialized to 0 (so only root:root) can run >>>> corosync. >>>> >>>> Another problem, what this patch fixes is documentation of >>>> corosync.conf, so now aisexec section is documented (at least user and >>>> group). >>>> >>>> Index: exec/mainconfig.c >>>> =================================================================== >>>> --- exec/mainconfig.c (revision 1975) >>>> +++ exec/mainconfig.c (working copy) >>>> @@ -352,6 +352,10 @@ >>>> main_config->gid = gid_determine(value); >>>> } else >>>> main_config->gid = gid_determine("ais"); >>>> + } else { >>>> + /*We don't find object aisexec, but we allow ais user/group to >>>> run corosync*/ >>>> + main_config->uid = uid_determine("ais"); >>>> + main_config->gid = gid_determine("ais"); >>> Those two added uses of "ais" bring the total to 4. >>> Maybe factor them out into e.g., this? >>> >>> #define DEFAULT_AIS_USER_NAME "ais" >>> #define DEFAULT_AIS_GROUP_NAME "ais" >>> >>> >>>> Index: man/corosync.conf.5 >>>> =================================================================== >>>> --- man/corosync.conf.5 (revision 1975) >>>> +++ man/corosync.conf.5 (working copy) >>>> @@ -55,6 +55,9 @@ >>>> .TP >>>> event { } >>>> This top level directive contains configuration options for the event >>>> service. >>>> +.TP >>>> +aisexec { } >>>> +This top level directive contains configuration options for user >>>> privilegies. >>> s/ies/es/ >>> >>>> .PP >>>> .PP >>>> @@ -496,6 +499,20 @@ >>>> >>>> The default is none. >>>> >>>> +.PP >>>> +Within the >>>> +.B aisexec >>>> +directive, there are two configuration options which are all optional: >>>> +.TP >>>> +user >>>> +.TP >>>> +group >>>> +These specify the user and group, which is able to run and use corosync. >>>> +In any case, this is able to do root:root. But if you don't want run >>> s/run/to run/ >>> >>>> +corosync as root, you can use this directives. >>> s/this/these/ >>> >>>> + >>>> +The default is ais. >>>> + >>>> .SH "FILES" >>>> .TP >>>> /etc/corosync.conf >>>> _______________________________________________ >>>> Openais mailing list >>>> Openais@lists.linux-foundation.org >>>> https://lists.linux-foundation.org/mailman/listinfo/openais >> plain text document attachment (run_as_ais.patch) >> Index: exec/mainconfig.c >> =================================================================== >> --- exec/mainconfig.c (revision 1975) >> +++ exec/mainconfig.c (working copy) >> @@ -346,12 +346,16 @@ >> if (!objdb_get_string (objdb,object_service_handle, "user", >> &value)) { >> main_config->uid = uid_determine(value); >> } else >> - main_config->uid = uid_determine("ais"); >> + main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME); >> >> if (!objdb_get_string (objdb,object_service_handle, "group", >> &value)) { >> main_config->gid = gid_determine(value); >> } else >> - main_config->gid = gid_determine("ais"); >> + main_config->gid = >> gid_determine(DEFAULT_AIS_GROUP_NAME); >> + } else { >> + /*We don't find object aisexec, but we allow ais user/group to >> run corosync*/ >> + main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME); >> + main_config->gid = gid_determine(DEFAULT_AIS_GROUP_NAME); >> } >> >> objdb->object_find_destroy (object_find_handle); >> Index: exec/mainconfig.h >> =================================================================== >> --- exec/mainconfig.h (revision 1975) >> +++ exec/mainconfig.h (working copy) >> @@ -49,6 +49,9 @@ >> }; >> #define MAX_DYNAMIC_SERVICES 128 >> >> +#define DEFAULT_AIS_USER_NAME "ais" >> +#define DEFAULT_AIS_GROUP_NAME "ais" >> + >> struct main_config { >> /* >> * logging configuration >> Index: man/corosync.conf.5 >> =================================================================== >> --- man/corosync.conf.5 (revision 1975) >> +++ man/corosync.conf.5 (working copy) >> @@ -55,6 +55,9 @@ >> .TP >> event { } >> This top level directive contains configuration options for the event >> service. >> +.TP >> +aisexec { } >> +This top level directive contains configuration options for user privileges. >> >> .PP >> .PP >> @@ -496,6 +499,20 @@ >> >> The default is none. >> >> +.PP >> +Within the >> +.B aisexec >> +directive, there are two configuration options which are all optional: >> +.TP >> +user >> +.TP >> +group >> +These specify the user and group, which is able to run and use corosync. >> +In any case, this is able to do root:root. But if you don't want to run >> +corosync as root, you can use these directives. >> + >> +The default is ais. >> + >> .SH "FILES" >> .TP >> /etc/corosync.conf >> _______________________________________________ >> Openais mailing list >> Openais@lists.linux-foundation.org >> https://lists.linux-foundation.org/mailman/listinfo/openais >
Index: exec/mainconfig.c =================================================================== --- exec/mainconfig.c (revision 1989) +++ exec/mainconfig.c (working copy) @@ -433,8 +433,8 @@ strlen ("aisexec"), &object_find_handle); - main_config->uid = uid_determine("ais"); - main_config->gid = gid_determine("ais"); + main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME); + main_config->gid = gid_determine(DEFAULT_AIS_GROUP_NAME); if (objdb->object_find_next ( object_find_handle, Index: exec/mainconfig.h =================================================================== --- exec/mainconfig.h (revision 1989) +++ exec/mainconfig.h (working copy) @@ -49,6 +49,9 @@ }; #define MAX_DYNAMIC_SERVICES 128 +#define DEFAULT_AIS_USER_NAME "ais" +#define DEFAULT_AIS_GROUP_NAME "ais" + struct main_config { /* * logging configuration Index: man/corosync.conf.5 =================================================================== --- man/corosync.conf.5 (revision 1989) +++ man/corosync.conf.5 (working copy) @@ -57,7 +57,7 @@ This top level directive contains configuration options for the event service. .TP aisexec { } -This top level directive contains configuration options for user privilegies. +This top level directive contains configuration options for user privileges. .PP .PP @@ -514,10 +514,10 @@ .TP group These specify the user and group, which is able to run and use corosync. -In any case, this is able to do root:root. But if you don't want run -corosync as root, you can use this directives. +In any case, this is able to do root:root. But if you don't want to run +corosync as root, you can use these directives. -The default is ais. +The default for each is ais. .SH "FILES" .TP
_______________________________________________ Openais mailing list Openais@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/openais