On Tue, Jul 06, 2010 at 06:36:14PM +0200, Dejan Muhamedagic wrote: > Hi Yuusuke-san, > > On Wed, Jun 30, 2010 at 08:00:18PM +0900, Yuusuke IIDA wrote: > > Hi, > > > > For anything RA, I revised it with some function addition. > > > > The list of the change is as follows. > > * I added the option which could choose whether you used a login shell to > > want > > to let a command inherit an environment variable of Resource Agent. > > OK, I assume that this may be useful at times. Though I'm not > very happy with the new parameter name, I couldn't come up with > another one. The big difference is, I guess, that the .profile > files are sourced. Perhaps to name it just "login_shell"?
the difference is that su - user clears the environment first (and then re-populates it from where that user usually gets his environment), su user (no dash) does not clear, but inherit the current environment. > > * I revised it to handle an escape character in character string set by > > cmdline_options such as follows adequately. > > --- for example: --- > > primitive AAAAA ocf:heartbeat:anything \ > > params \ > > binfile="XXXXX" \ > > cmdline_options="-V -c \"openssl des-ede3 -d -base64 -k 'yy y'\" > > -i" \ > > --- --- > > Uh, this escaping gives me headache. should this not be much easier by doing - cmd="su -c \"$variables\"" + cmd="su -c '$variables'" ? no escaping by sed necessary, except maybe (if you are paranoid) escaping of ' itself: sed -e "s/'/'\\\\''/" As long as we do cmd="su -c \"$variable\"", it is not sufficient to escape \ (as the proposed patch by Yuusuke-san does), actually you'd need to escape ` and $ and various other things as well. Unless you consider it a feature that these would be expanded already in the context of the eval running as root, not in the context of the su $user nohup. Which is (as it is now) a potential "root exploit", once you start taking "cib admin != cluster root" serious. which is not really sensible to do IMO, anyways. But I digres. Hm. Maybe we should move the eval into that context, anyways? sort of cmd="eval '${supposedly_properly_escaped_variable}'" su ... -c "$cmd" ? But, for the record: > The line says: > > +cmdline_options=`... | sed 's/\\\/\\\\\\\/g' | ...` > > How does the left side expand? Shouldn't that be an even number > of backslashes? The right side also has 7 backslashes. the first "stripping" of \ is done by the shell, before feeding the whole thing to the `` subshell. And the \ quoting within `` is subtle: backslash retains its literal meaning except when followed by $, `, or \ so those \/ combinations could have been written as \\/ as well (if only to reduce the headache of the reader, slightly) but need not be. BTW, that is one of the differences between `` and $() ... yep, its not pretty, but "correct", though not necessarily consistent between various shells and versions :( god, I hate it when I know these useless facts from the top of my head, I wish I had done less shell coding ;-) > > * Strip off the trailing clone marker. > > - quotations from the following. > > http://hg.clusterlabs.org/pacemaker/stable-1.0/file/94515b3503b5/extra/resources/Dummy#l143 > > OK. > > Can you please split the patch in three parts, so that we have > unrelated changes in signel patches. Yes, please ;-) -- : Lars Ellenberg : LINBIT | Your Way to High Availability : DRBD/HA support and consulting http://www.linbit.com DRBD® and LINBIT® are registered trademarks of LINBIT, Austria. _______________________________________________________ Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev Home Page: http://linux-ha.org/