On 12/13/2013 03:51 AM, Brusq, Jerome wrote:
> Hello all,
>
>
>
> I’m on rhel 6.2 , I’m running corosync (version 1.4.1-4.el6.x86_64) and
> pacemaker (version 1.1.6-3.el6.x86_64).
>
>
>
> Here is my configuration :
>
>
>
> /node node1/
>
> /node node2/
>
> /primitive *myscript* lsb: *myscript* \/
>
> / //op monitor interval="15s" \/
>
> / meta migration-threshold="3" failure-timeout="500s"/
>
> /primitive vip ocf:heartbeat:IPaddr \/
>
> / params ip="192.168.X.X" \/
>
> / op monitor interval="10s" timeout="20s"/
>
> /group my_group vip*myscript*/
>
> /property $id="cib-bootstrap-options" \/
>
> /
> dc-version="1.1.6-3.el6-a02c0f19a00c1eb2527ad38f146ebc0834814558" \/
>
> / cluster-infrastructure="openais" \/
>
> / expected-quorum-votes="2" \/
>
> / stonith-enabled="false" \/
>
> / cluster-recheck-interval="5min" \/
>
> / no-quorum-policy="ignore" \/
>
> / last-lrm-refresh="1386857822"/
>
> / /
>
> / /
>
> Unfortunately, it doesn’t work because my custom lsb script “myscript”
> is launched with “root” user and has to be launched by user “toto”.
>
> I found on google that I should use a file in /etc/corosync/uidgid.d ..
> so I have created the following file :
>
>
>
> /[root@node1 ~]# more /etc/corosync/uidgid.d/*myscript*/
>
> /#blabalba/
>
> /uidgid {/
>
> / uid: toto/
>
> / gid: totogrp/
>
> /}/
>
Don't do that :)
> I have restarted corosync, but I can see that “myscript” is still
> launched by ‘root’ user … any ideas ??
Can you edit "myscript" so it invokes `su - toto $command` or similar
internally?
Or, you might try the ocf:heartbeat:anything resource agent, which will
let you run arbitrary binaries, and you can specify the user they run as
with the user parameter.
Regards,
Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
[email protected]
_______________________________________________
Openais mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/openais
