That description sounds fine to me. Nevertheless, I still can't see the problem you are trying to solve when it is already possible to run OpenSAF as a non-root user.
Cheers, Mathi. On Tue, Jul 28, 2020 at 9:56 PM Anand Sundararaj < s.an...@gethighavailability.com> wrote: > Thanks Mathi. I can change it to "amf: provide configuration option to > run amfnd as non-root [##205]", is that ok? > > Thanks > Anand Sundararaj > Senior Solutions Architect | +1 480 686 4772 > > www.GetHighAvailability.com > <https://am2.myprofessionalmail.com/appsuite/www.GetHighAvailability.com> > Get High Availability Today! > *NJ, USA*: +1 508-507-6507 > > On 07/28/2020 12:24 PM Mathi N P <mathi.np....@gmail.com> wrote: > > > Hi Anand, > > For some background, It is not merely a hard coding that you are looking > at, but it is rather by design. > I think you should at the least change the commit message of your patch > and describe the actual change that you are intending to introduce. > FYI, > Mathi. > > On Tue, Jul 28, 2020 at 6:01 PM Anand Sundararaj < > s.an...@gethighavailability.com> wrote: > > Hi Minh/Thang/Nagendra/Paul, > I am planning to push the patch by 30th July(thursday). > Please kindly find some time to review by 29th July(tomorrow) and > send your comments or Ack. > > Thanks > Anand Sundararaj > Senior Solutions Architect | +1 480 686 4772 > www.GetHighAvailability.com ( > https://am2.myprofessionalmail.com/appsuite/www.GetHighAvailability.com) > Get High Availability Today! > NJ, USA: +1 508-507-6507 > > > On 07/23/2020 9:38 PM s.an...@gethighavailability.com < > s.an...@gethighavailability.com> wrote: > > > > > > Hi Thang, > > Good catch ! > > Can you please let me know if you were starting pm monitoring on a > component pid, which is in root or non-root? > > > > The issue, you are reporting, Thang, may come when Amfnd' (kill) doesn't > have permission to send signal to the pid. > > I am assuming that you are getting EPERM as a return. > > Can you please verify, Thang(by logging, just like done in mon.cc at > "switch (kill(mon_rec->pid, 0)) {"), if the return is EPERM or something > else? > > If it is correct, then ideally, the user shouldn't be using pm > monitoring on such pid and that means no change is needed in the patch. > > can you please confirm, Thang. > > > > Thanks > > > > Anand Sundararaj > > Senior Solutions Architect | 480 686 4772 > > > > > > www.GetHighAvailability.com > > > > Get High Availability Today! > > NJ, USA: +1 508-507-6507 > > > > > On 07/20/2020 9:11 PM Thang Duc Nguyen <thang.d.ngu...@dektech.com.au> > wrote: > > > > > > > > > I missed one info. I tested with NON_ROOT user. > > > export AMFND_NON_ROOT=1 > > > > > > -----Original Message----- > > > From: Thang Duc Nguyen <thang.d.ngu...@dektech.com.au> > > > Sent: Tuesday, July 21, 2020 11:02 AM > > > To: s.an...@gethighavailability.com; Minh Hon Chau < > minh.c...@dektech.com.au>; nagen...@gethighavailability.com; > p...@gethighavailability.com > > > Cc: opensaf-devel@lists.sourceforge.net > > > Subject: Re: [devel] [PATCH 1/1] amf: remove hard-coding in amfnd > [#3205] > > > > > > Hi Sundararaj, > > > > > > The Opensaf can start but it may not run correctly. > > > I tested your patch. During passive mornitoring process of copoenent, > this patch cuases the coredump in function avnd_comp_pm_param_val() when > invoking saAmfPmStop()/saAmfPmStart(). > > > > > > Snipest code indicate the crash in cpm.cc file void > avnd_comp_pm_param_val( ) { ... > > > if (kill(pm_start->pid, 0) == -1) { > > > osafassert(errno == ESRCH); //Crash here due to retured error: > Operation not permitted > > > *o_amf_rc = SA_AIS_ERR_NOT_EXIST; > > > return; > > > } > > > } > > > > > > B.R/Thang > > > -----Original Message----- > > > From: s.an...@gethighavailability.com <s.an...@gethighavailability.com> > > > > Sent: Tuesday, July 21, 2020 9:22 AM > > > To: Minh Hon Chau <minh.c...@dektech.com.au>; Thang Duc Nguyen < > thang.d.ngu...@dektech.com.au>; nagen...@gethighavailability.com; > p...@gethighavailability.com > > > Cc: opensaf-devel@lists.sourceforge.net; Anand Sundararaj < > s.an...@gethighavailability.com> > > > Subject: [PATCH 1/1] amf: remove hard-coding in amfnd [#3205] > > > > > > From: Anand Sundararaj <s.an...@gethighavailability.com> > > > > > > --- > > > src/amf/amfnd/amfnd.conf | 3 +++ > > > src/amf/amfnd/main.cc | 9 ++++++++- > > > 2 files changed, 11 insertions(+), 1 deletion(-) > > > > > > diff --git a/src/amf/amfnd/amfnd.conf b/src/amf/amfnd/amfnd.conf index > 07bc0ba..4e8b07a 100644 > > > --- a/src/amf/amfnd/amfnd.conf > > > +++ b/src/amf/amfnd/amfnd.conf > > > @@ -34,3 +34,6 @@ export AVND_PM_MONITORING_RATE=1000 # It can be > disabled if set THREAD_TRACE_BUFFER as 0, the maximum value # can be set > as 65535. > > > # export THREAD_TRACE_BUFFER=10240 > > > + > > > +#AMFND run as root. Uncomment next line to run as a user mentioned in > nid.conf. > > > +#export AMFND_NON_ROOT=1 > > > diff --git a/src/amf/amfnd/main.cc b/src/amf/amfnd/main.cc index > d7857fa..6d9ee95 100644 > > > --- a/src/amf/amfnd/main.cc > > > +++ b/src/amf/amfnd/main.cc > > > @@ -164,6 +164,7 @@ static void new_handler() { > > > > > > int main(int argc, char *argv[]) { > > > uint32_t error; > > > + char *val; > > > > > > // function to be called if new fails. The alternative of using > catch of > > > // std::bad_alloc will unwind the stack and thus no call chain will > be @@ -179,7 +180,13 @@ int main(int argc, char *argv[]) { > > > goto done; > > > } > > > > > > - daemonize_as_user("root", argc, argv); > > > + if ((val = getenv("AMFND_NON_ROOT")) != nullptr) { > > > + daemonize(argc, argv); > > > + TRACE("AMFND will run as non-root"); } else { > > > + daemonize_as_user("root", argc, argv); > > > + TRACE("AMFND will run as root"); > > > + } > > > > > > // Enable long DN > > > if (setenv("SA_ENABLE_EXTENDED_NAMES", "1", 1) != 0) { > > > -- > > > 2.7.4 > > > > > > > > > > > > _______________________________________________ > > > Opensaf-devel mailing list > > > Opensaf-devel@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/opensaf-devel > > > > > > _______________________________________________ > > Opensaf-devel mailing list > > Opensaf-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/opensaf-devel > > > _______________________________________________ > Opensaf-devel mailing list > Opensaf-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/opensaf-devel > > _______________________________________________ Opensaf-devel mailing list Opensaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opensaf-devel
