Yes - we are using different names for the value LockerWrtUser=. Actually we have several vcl-wrt vcl-wcu, vcl-dev, etc

This is defined when adding the user to the database. From the install instructions file under step 2.

2) create a user with SELECT, INSERT, UPDATE, and DELETE privileges on the database from #1 (GRANT SELECT,INSERT,UPDATE,DELETE ON vcl.* TO '<insert user here>'@'localhost' IDENTIFIED BY '<insert pwd here>';)

The username at '<insert user here>'@'localhost' can be anything you want.
It does have to be defined in the vcld.conf file at the required variable 'LockerWrtUser'. vcld needs to know what to connect as.


--On April 6, 2009 12:58:42 PM -0400 Brian Bouterse <> wrote:

Even though LockerWrtUser is there to indicate which database user the
management node should use to login to the db, the only value the daemon
will start with is vcl.  Has anyone ever gotten the vcld to start
successfully and checkin with the database when using something other
than 'vcl' (specified in vcld.conf as LockerWrtUser)?

Is that clearer?


Brian Bouterse
Secure Open Systems Initiative

On Apr 6, 2009, at 12:48 PM, Aaron Peeler wrote:

Could you re-phrase this part? I don't understand what issue your

The value assigned to 'LockerWrtUser=' is the variable used when
vcld starts to make the database connection.


--On April 6, 2009 12:35:26 PM -0400 Brian Bouterse
<> wrote:

I've resolved my issue, but I do think there is a bug here.  It
seems the
SELECT, INSERT, UPDATE, DELETE permissions are all the management
database user requires.  However, even though there is a parameter in
/etc/vcl/vcld.conf for LockerWrtUser, the value the management node
check in with is when:


I am not sure why.


Brian Bouterse
Secure Open Systems Initiative

On Apr 6, 2009, at 12:21 PM, Brian Bouterse wrote:

I am doing a fresh installation and starting with a database built
from the most recent vcl.sql from the SVN.  I've configured my
frontend and management node, according to these instructions:

I've added my management node to the DB, but I couldn't get the vcld
process to start cleanly without the following complaint from the

| 2615| ---- WARNING ----
| 2615| 2009-04-06 12:17:50|2615||zero rows were returned from
database select statement:

| 2615|    SELECT
| 2615|    managementnode.*,
| 2615| AS predictive_name,
| 2615|    predictivemodule.prettyname AS predictive_prettyname,
| 2615|    predictivemodule.description AS predictive_description,
| 2615|    predictivemodule.perlpackage  AS predictive_perlpackage,
| 2615| AS statename
| 2615|    FROM
| 2615|    managementnode,
| 2615|    module predictivemodule,
| 2615|  state
| 2615|    WHERE
| 2615|    managementnode.predictivemoduleid =
| 2615|  AND managementnode.stateid =
| 2615|    AND
| 2615|    managementnode.hostname like ''
| 2615| ( 0), notify (line: 691)
| 2615| (-1), get_management_node_info (line: 7206)
| 2615| (-2) vcld, main (line: 127)

/usr/lib/sendmail: option requires an argument -- f
2009-04-06 12:17:50|2615||SUCCESS -- Sending mail
To: , PROBLEM -- vcld

| 2615| ---- CRITICAL ----
| 2615| 2009-04-06 12:17:50|2615|vcld:main(131)|unable to retrieve
management node information from database
| 2615| ( 0), notify (line: 691)
| 2615| (-1) vcld, main (line: 131)

I believe this is default user permissions bug because when I give
my vcl user in the database full permissions (All Privileges)
instead of the recommended in the instructions (SELECT, INSERT,
UPDATE, DELETE), it works.  What are the right permissions for a
frontend user?  What are the right permissions for a backend user?
Do the instructions need to be updated?


Brian Bouterse
Secure Open Systems Initiative

Reply via email to