Hi Anders, Thanks for the response. So I just want to make sure that I completely understand what you are saying here, there's no way to make opensaf start an application as a different user? I.e. opensaf will always start an application as root, and the developer must change the application code to start as another user?
The reason I'm asking is that we have an instantiation script that actually starts our applications and I was hoping that by using the "su" command to change to the correct user and group in that script, this would solve my problem. thanks -----Original Message----- From: Anders Widell [mailto:[email protected]] Sent: Monday, July 24, 2017 8:56 AM To: William R Elliott; [email protected] Subject: Re: [users] Issue with applications started as root user I think I recall that this behaviour was changed so that applications can choose themselves what user-id and group-id to run with. OPENSAF_USER and OPENSAF_GROUP specify what user-id the OpenSAF processes themselves shall run with, which may be different from the user-id the applications shall run with. So the application will be started as root:root and must call setgid() and setuid() to change its user-id and group-id. regards, Anders Widell On 07/20/2017 11:50 PM, William R Elliott wrote: > Hi All, > I have recently upgraded from opensaf version 4.4.0 to 5.1.0. In 4.4.0, when > I set the OPENSAF_GROUP and OPENSAF_USER variables in the nid.conf file and > unlocked a service unit the applications in each component were started as > the OPENSAF_USER which is what I needed. However, in 5.1.0 the applications > are now being started as the root user instead of the OPENSAF_USER in > nid.conf. > > I’ve read the config README file, as well as other README files, but I don’t > see any references concerning this problem, or what has changed in 5.1.0 that > would exhibit this kind of behavior. I’ve read through the opensaf documents > and I still have not found anything concerning this scenario. > > I have verified the following: > > 1) OPENSAF_USER and OPENSAF_GROUP variables are set correctly in > nid.conf file > > 2) The user and group are set correctly on the instantiation scripts > > 3) opensaf was not built with: CPPFLAGS=-DRUNASROOT > > I’ve even tried changing the amfnd main.cc file main function to directly > call daemonize instead of daemonize_as_user to ensure osafamfnd started as > the OPENSAF_USER, but for some reason osafamfnd hung and the opensaf services > did not come up. > > I could be missing something simple here, but I can’t think what else to try. > I would appreciate any help with this problem. > > Thanks > > [https://www.netcracker.com/assets/img/netcracker-social-final.png] ƕ > > > > ________________________________ > The information transmitted herein is intended only for the person or entity > to which it is addressed and may contain confidential, proprietary and/or > privileged material. Any review, retransmission, dissemination or other use > of, or taking of any action in reliance upon, this information by persons or > entities other than the intended recipient is prohibited. If you received > this in error, please contact the sender and delete the material from any > computer. > ---------------------------------------------------------------------- > -------- Check out the vibrant tech community on one of the world's > most engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Opensaf-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/opensaf-users ________________________________ The information transmitted herein is intended only for the person or entity to which it is addressed and may contain confidential, proprietary and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Opensaf-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opensaf-users
