00-README.conf | 3 ++-
opensaf.spec.in | 2 +-
osaf/services/saf/avsv/amfwdog/amf_wdog.c | 12 ++++++++++--
3 files changed, 13 insertions(+), 4 deletions(-)
amfwd uses the killall program to send the ABRT signal to amfnd.
This works if amfwd is running as root, but not if it is running
as the opensaf user (since the amfnd process is running as root even if amfwd
is not).
This patch adds killall to the sudoers command in the rpm spec.
diff --git a/00-README.conf b/00-README.conf
--- a/00-README.conf
+++ b/00-README.conf
@@ -12,8 +12,9 @@ Steps to configure 'opensaf' user after
From 4.2 onwards, upon a 'make install' the following additional steps have
to be done to configure OpenSAF processes to run as the UNIX system user
"opensaf":
+0) groupadd -r opensaf
1) useradd -r -g opensaf -d /usr/local/share/opensaf/ -s /sbin/nologin -c
"OpenSAF" opensaf
-2) echo "opensaf ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config,
/usr/bin/pkill" >> /etc/sudoers
+2) echo "opensaf ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config,
/usr/bin/pkill, /usr/bin/killall" >> /etc/sudoers
3) echo 'Defaults:%opensaf !requiretty' >> /etc/sudoers
4) echo 'Defaults:opensaf !requiretty' >> /etc/sudoers
5) chown opensaf /var/lib/opensaf
diff --git a/opensaf.spec.in b/opensaf.spec.in
--- a/opensaf.spec.in
+++ b/opensaf.spec.in
@@ -747,7 +747,7 @@ getent group %{opensaf_group} > /dev/nul
getent passwd %{opensaf_user} > /dev/null || \
useradd -r -g %{opensaf_user} -d %{_pkgdatadir} -s /sbin/nologin -c
"OpenSAF" %{opensaf_user}
if ! grep %{opensaf_user} /etc/sudoers > /dev/null; then
- echo '%{opensaf_user} ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config,
/usr/bin/pkill' >> /etc/sudoers
+ echo '%{opensaf_user} ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config,
/usr/bin/pkill, /usr/bin/killall' >> /etc/sudoers
echo 'Defaults:%opensaf !requiretty' >> /etc/sudoers
echo 'Defaults:opensaf !requiretty' >> /etc/sudoers
fi
diff --git a/osaf/services/saf/avsv/amfwdog/amf_wdog.c
b/osaf/services/saf/avsv/amfwdog/amf_wdog.c
--- a/osaf/services/saf/avsv/amfwdog/amf_wdog.c
+++ b/osaf/services/saf/avsv/amfwdog/amf_wdog.c
@@ -39,6 +39,8 @@
#include <libgen.h>
#include <time.h>
#include <sched.h>
+#include <unistd.h>
+#include <sys/types.h>
#include <saAmf.h>
#include <ncssysf_def.h>
@@ -219,8 +221,14 @@ int main(int argc, char *argv[])
** error. We want to catch that asap and fix it.
*/
syslog(LOG_ERR, "TIMEOUT receiving AMF health check
request, generating core for amfnd");
- if ((status = system("killall -ABRT osafamfnd")) == -1)
- syslog(LOG_ERR, "system(killall) FAILED %x",
status);
+
+ if (getuid() == 0 || geteuid() == 0) { /* running as a
root user */
+ if ((status = system("killall -ABRT
osafamfnd")) == -1)
+ syslog(LOG_ERR, "system(killall -ABRT
osafamfnd) FAILED %x", status);
+ } else { /* running as the non-root user, default as
the 'opensaf' user */
+ if ((status = system("sudo killall -ABRT
osafamfnd")) == -1)
+ syslog(LOG_ERR, "system(sudo killall
-ABRT osafamfnd) FAILED %x", status);
+ }
syslog(LOG_ERR, "%s", latest_healthcheck_trace);
syslog(LOG_ERR, "ordering system reboot");
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
