00-README.conf | 3 ++- opensaf.spec.in | 2 +- osaf/services/saf/avsv/amfwdog/amf_wdog.c | 12 ++++++++++-- 3 files changed, 13 insertions(+), 4 deletions(-)
amfwd uses the killall program to send the ABRT signal to amfnd. This works if amfwd is running as root, but not if it is running as the opensaf user (since the amfnd process is running as root even if amfwd is not). This patch adds killall to the sudoers command in the rpm spec. diff --git a/00-README.conf b/00-README.conf --- a/00-README.conf +++ b/00-README.conf @@ -12,8 +12,9 @@ Steps to configure 'opensaf' user after From 4.2 onwards, upon a 'make install' the following additional steps have to be done to configure OpenSAF processes to run as the UNIX system user "opensaf": +0) groupadd -r opensaf 1) useradd -r -g opensaf -d /usr/local/share/opensaf/ -s /sbin/nologin -c "OpenSAF" opensaf -2) echo "opensaf ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config, /usr/bin/pkill" >> /etc/sudoers +2) echo "opensaf ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config, /usr/bin/pkill, /usr/bin/killall" >> /etc/sudoers 3) echo 'Defaults:%opensaf !requiretty' >> /etc/sudoers 4) echo 'Defaults:opensaf !requiretty' >> /etc/sudoers 5) chown opensaf /var/lib/opensaf diff --git a/opensaf.spec.in b/opensaf.spec.in --- a/opensaf.spec.in +++ b/opensaf.spec.in @@ -747,7 +747,7 @@ getent group %{opensaf_group} > /dev/nul getent passwd %{opensaf_user} > /dev/null || \ useradd -r -g %{opensaf_user} -d %{_pkgdatadir} -s /sbin/nologin -c "OpenSAF" %{opensaf_user} if ! grep %{opensaf_user} /etc/sudoers > /dev/null; then - echo '%{opensaf_user} ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config, /usr/bin/pkill' >> /etc/sudoers + echo '%{opensaf_user} ALL = NOPASSWD: /sbin/reboot, /sbin/tipc-config, /usr/bin/pkill, /usr/bin/killall' >> /etc/sudoers echo 'Defaults:%opensaf !requiretty' >> /etc/sudoers echo 'Defaults:opensaf !requiretty' >> /etc/sudoers fi diff --git a/osaf/services/saf/avsv/amfwdog/amf_wdog.c b/osaf/services/saf/avsv/amfwdog/amf_wdog.c --- a/osaf/services/saf/avsv/amfwdog/amf_wdog.c +++ b/osaf/services/saf/avsv/amfwdog/amf_wdog.c @@ -39,6 +39,8 @@ #include <libgen.h> #include <time.h> #include <sched.h> +#include <unistd.h> +#include <sys/types.h> #include <saAmf.h> #include <ncssysf_def.h> @@ -219,8 +221,14 @@ int main(int argc, char *argv[]) ** error. We want to catch that asap and fix it. */ syslog(LOG_ERR, "TIMEOUT receiving AMF health check request, generating core for amfnd"); - if ((status = system("killall -ABRT osafamfnd")) == -1) - syslog(LOG_ERR, "system(killall) FAILED %x", status); + + if (getuid() == 0 || geteuid() == 0) { /* running as a root user */ + if ((status = system("killall -ABRT osafamfnd")) == -1) + syslog(LOG_ERR, "system(killall -ABRT osafamfnd) FAILED %x", status); + } else { /* running as the non-root user, default as the 'opensaf' user */ + if ((status = system("sudo killall -ABRT osafamfnd")) == -1) + syslog(LOG_ERR, "system(sudo killall -ABRT osafamfnd) FAILED %x", status); + } syslog(LOG_ERR, "%s", latest_healthcheck_trace); syslog(LOG_ERR, "ordering system reboot"); ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk _______________________________________________ Opensaf-devel mailing list Opensaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opensaf-devel