Ack.
regards,
Anders Widell
2013-07-31 18:50, mathi.naic...@oracle.com skrev:
> 00-README.conf | 3 ++-
> opensaf.spec.in | 2 +-
> osaf/services/saf/avsv/amfwdog/amf_wdog.c | 12 ++++++++++--
> 3 files changed, 13 insertions(+), 4 deletions(-)
>
>
> amfwd uses the killall program to send the ABRT signal to amfnd.
> This works if amfwd is running as root, but not if it is running
> as the opensaf user (since the amfnd process is running as root even if amfwd
> is not).
> This patch adds killall to the sudoers command in the rpm spec.
>
> diff --git a/00-README.conf b/00-README.conf
> --- a/00-README.conf
> +++ b/00-README.conf
> @@ -12,8 +12,9 @@ Steps to configure 'opensaf' user after
> From 4.2 onwards, upon a 'make install' the following additional steps have
> to be done to configure OpenSAF processes to run as the UNIX system user
> "opensaf":
>
> +0) groupadd -r opensaf
> 1) useradd -r -g opensaf -d /usr/local/share/opensaf/ -s /sbin/nologin -c
> "OpenSAF" opensaf
> -2) echo "opensaf ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config,
> /usr/bin/pkill" >> /etc/sudoers
> +2) echo "opensaf ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config,
> /usr/bin/pkill, /usr/bin/killall" >> /etc/sudoers
> 3) echo 'Defaults:%opensaf !requiretty' >> /etc/sudoers
> 4) echo 'Defaults:opensaf !requiretty' >> /etc/sudoers
> 5) chown opensaf /var/lib/opensaf
> diff --git a/opensaf.spec.in b/opensaf.spec.in
> --- a/opensaf.spec.in
> +++ b/opensaf.spec.in
> @@ -747,7 +747,7 @@ getent group %{opensaf_group} > /dev/nul
> getent passwd %{opensaf_user} > /dev/null || \
> useradd -r -g %{opensaf_user} -d %{_pkgdatadir} -s /sbin/nologin -c
> "OpenSAF" %{opensaf_user}
> if ! grep %{opensaf_user} /etc/sudoers > /dev/null; then
> - echo '%{opensaf_user} ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config,
> /usr/bin/pkill' >> /etc/sudoers
> + echo '%{opensaf_user} ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config,
> /usr/bin/pkill, /usr/bin/killall' >> /etc/sudoers
> echo 'Defaults:%opensaf !requiretty' >> /etc/sudoers
> echo 'Defaults:opensaf !requiretty' >> /etc/sudoers
> fi
> diff --git a/osaf/services/saf/avsv/amfwdog/amf_wdog.c
> b/osaf/services/saf/avsv/amfwdog/amf_wdog.c
> --- a/osaf/services/saf/avsv/amfwdog/amf_wdog.c
> +++ b/osaf/services/saf/avsv/amfwdog/amf_wdog.c
> @@ -39,6 +39,8 @@
> #include <libgen.h>
> #include <time.h>
> #include <sched.h>
> +#include <unistd.h>
> +#include <sys/types.h>
>
> #include <saAmf.h>
> #include <ncssysf_def.h>
> @@ -219,8 +221,14 @@ int main(int argc, char *argv[])
> ** error. We want to catch that asap and fix it.
> */
> syslog(LOG_ERR, "TIMEOUT receiving AMF health check
> request, generating core for amfnd");
> - if ((status = system("killall -ABRT osafamfnd")) == -1)
> - syslog(LOG_ERR, "system(killall) FAILED %x",
> status);
> +
> + if (getuid() == 0 || geteuid() == 0) { /* running as a
> root user */
> + if ((status = system("killall -ABRT
> osafamfnd")) == -1)
> + syslog(LOG_ERR, "system(killall -ABRT
> osafamfnd) FAILED %x", status);
> + } else { /* running as the non-root user, default as
> the 'opensaf' user */
> + if ((status = system("sudo killall -ABRT
> osafamfnd")) == -1)
> + syslog(LOG_ERR, "system(sudo killall
> -ABRT osafamfnd) FAILED %x", status);
> + }
>
> syslog(LOG_ERR, "%s", latest_healthcheck_trace);
> syslog(LOG_ERR, "ordering system reboot");
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
