This patch looks fine but it doesn't actually use the defines specified.
Could you rework that part of the patch?
Regards
-steve
On Thu, 2009-04-02 at 12:33 +0200, Jan Friesse wrote:
> Steven,
> patch attached.
>
> Regards,
> Honza
>
> Steven Dake wrote:
> > I already merged your previous patch. Can you rework the defines into a
> > new patch? Thanks!
> >
> > Regards
> > -steve
> >
> > On Wed, 2009-04-01 at 12:30 +0200, Jan Friesse wrote:
> >> Attached is patch with included suggested changes.
> >>
> >> Thanks Jim.
> >>
> >> Jim Meyering wrote:
> >>> Jan Friesse wrote:
> >>>> Attached patch solves problem with running corosync as ais user.
> >>>>
> >>>> Main problem was hidden in reading aisexec section. If this section
> >>>> exists in corosync.conf, everything works, but in other cases,
> >>>> main_config->uid/gid are initialized to 0 (so only root:root) can run
> >>>> corosync.
> >>>>
> >>>> Another problem, what this patch fixes is documentation of
> >>>> corosync.conf, so now aisexec section is documented (at least user and
> >>>> group).
> >>>>
> >>>> Index: exec/mainconfig.c
> >>>> ===================================================================
> >>>> --- exec/mainconfig.c (revision 1975)
> >>>> +++ exec/mainconfig.c (working copy)
> >>>> @@ -352,6 +352,10 @@
> >>>> main_config->gid = gid_determine(value);
> >>>> } else
> >>>> main_config->gid = gid_determine("ais");
> >>>> + } else {
> >>>> + /*We don't find object aisexec, but we allow ais
> >>>> user/group to run corosync*/
> >>>> + main_config->uid = uid_determine("ais");
> >>>> + main_config->gid = gid_determine("ais");
> >>> Those two added uses of "ais" bring the total to 4.
> >>> Maybe factor them out into e.g., this?
> >>>
> >>> #define DEFAULT_AIS_USER_NAME "ais"
> >>> #define DEFAULT_AIS_GROUP_NAME "ais"
> >>>
> >>>
> >>>> Index: man/corosync.conf.5
> >>>> ===================================================================
> >>>> --- man/corosync.conf.5 (revision 1975)
> >>>> +++ man/corosync.conf.5 (working copy)
> >>>> @@ -55,6 +55,9 @@
> >>>> .TP
> >>>> event { }
> >>>> This top level directive contains configuration options for the event
> >>>> service.
> >>>> +.TP
> >>>> +aisexec { }
> >>>> +This top level directive contains configuration options for user
> >>>> privilegies.
> >>> s/ies/es/
> >>>
> >>>> .PP
> >>>> .PP
> >>>> @@ -496,6 +499,20 @@
> >>>>
> >>>> The default is none.
> >>>>
> >>>> +.PP
> >>>> +Within the
> >>>> +.B aisexec
> >>>> +directive, there are two configuration options which are all optional:
> >>>> +.TP
> >>>> +user
> >>>> +.TP
> >>>> +group
> >>>> +These specify the user and group, which is able to run and use corosync.
> >>>> +In any case, this is able to do root:root. But if you don't want run
> >>> s/run/to run/
> >>>
> >>>> +corosync as root, you can use this directives.
> >>> s/this/these/
> >>>
> >>>> +
> >>>> +The default is ais.
> >>>> +
> >>>> .SH "FILES"
> >>>> .TP
> >>>> /etc/corosync.conf
> >>>> _______________________________________________
> >>>> Openais mailing list
> >>>> [email protected]
> >>>> https://lists.linux-foundation.org/mailman/listinfo/openais
> >> plain text document attachment (run_as_ais.patch)
> >> Index: exec/mainconfig.c
> >> ===================================================================
> >> --- exec/mainconfig.c (revision 1975)
> >> +++ exec/mainconfig.c (working copy)
> >> @@ -346,12 +346,16 @@
> >> if (!objdb_get_string (objdb,object_service_handle, "user",
> >> &value)) {
> >> main_config->uid = uid_determine(value);
> >> } else
> >> - main_config->uid = uid_determine("ais");
> >> + main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
> >>
> >> if (!objdb_get_string (objdb,object_service_handle, "group",
> >> &value)) {
> >> main_config->gid = gid_determine(value);
> >> } else
> >> - main_config->gid = gid_determine("ais");
> >> + main_config->gid =
> >> gid_determine(DEFAULT_AIS_GROUP_NAME);
> >> + } else {
> >> + /*We don't find object aisexec, but we allow ais user/group to
> >> run corosync*/
> >> + main_config->uid = uid_determine(DEFAULT_AIS_USER_NAME);
> >> + main_config->gid = gid_determine(DEFAULT_AIS_GROUP_NAME);
> >> }
> >>
> >> objdb->object_find_destroy (object_find_handle);
> >> Index: exec/mainconfig.h
> >> ===================================================================
> >> --- exec/mainconfig.h (revision 1975)
> >> +++ exec/mainconfig.h (working copy)
> >> @@ -49,6 +49,9 @@
> >> };
> >> #define MAX_DYNAMIC_SERVICES 128
> >>
> >> +#define DEFAULT_AIS_USER_NAME "ais"
> >> +#define DEFAULT_AIS_GROUP_NAME "ais"
> >> +
> >> struct main_config {
> >> /*
> >> * logging configuration
> >> Index: man/corosync.conf.5
> >> ===================================================================
> >> --- man/corosync.conf.5 (revision 1975)
> >> +++ man/corosync.conf.5 (working copy)
> >> @@ -55,6 +55,9 @@
> >> .TP
> >> event { }
> >> This top level directive contains configuration options for the event
> >> service.
> >> +.TP
> >> +aisexec { }
> >> +This top level directive contains configuration options for user
> >> privileges.
> >>
> >> .PP
> >> .PP
> >> @@ -496,6 +499,20 @@
> >>
> >> The default is none.
> >>
> >> +.PP
> >> +Within the
> >> +.B aisexec
> >> +directive, there are two configuration options which are all optional:
> >> +.TP
> >> +user
> >> +.TP
> >> +group
> >> +These specify the user and group, which is able to run and use corosync.
> >> +In any case, this is able to do root:root. But if you don't want to run
> >> +corosync as root, you can use these directives.
> >> +
> >> +The default is ais.
> >> +
> >> .SH "FILES"
> >> .TP
> >> /etc/corosync.conf
> >> _______________________________________________
> >> Openais mailing list
> >> [email protected]
> >> https://lists.linux-foundation.org/mailman/listinfo/openais
> >
>
_______________________________________________
Openais mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/openais
