I think I recall that this behaviour was changed so that applications
can choose themselves what user-id and group-id to run with.
OPENSAF_USER and OPENSAF_GROUP specify what user-id the OpenSAF
processes themselves shall run with, which may be different from the
user-id the applications shall run with.
So the application will be started as root:root and must call setgid()
and setuid() to change its user-id and group-id.
regards,
Anders Widell
On 07/20/2017 11:50 PM, William R Elliott wrote:
Hi All,
I have recently upgraded from opensaf version 4.4.0 to 5.1.0. In 4.4.0, when I
set the OPENSAF_GROUP and OPENSAF_USER variables in the nid.conf file and
unlocked a service unit the applications in each component were started as the
OPENSAF_USER which is what I needed. However, in 5.1.0 the applications are now
being started as the root user instead of the OPENSAF_USER in nid.conf.
I’ve read the config README file, as well as other README files, but I don’t
see any references concerning this problem, or what has changed in 5.1.0 that
would exhibit this kind of behavior. I’ve read through the opensaf documents
and I still have not found anything concerning this scenario.
I have verified the following:
1) OPENSAF_USER and OPENSAF_GROUP variables are set correctly in nid.conf
file
2) The user and group are set correctly on the instantiation scripts
3) opensaf was not built with: CPPFLAGS=-DRUNASROOT
I’ve even tried changing the amfnd main.cc file main function to directly call
daemonize instead of daemonize_as_user to ensure osafamfnd started as the
OPENSAF_USER, but for some reason osafamfnd hung and the opensaf services did
not come up.
I could be missing something simple here, but I can’t think what else to try.
I would appreciate any help with this problem.
Thanks
[https://www.netcracker.com/assets/img/netcracker-social-final.png] ƕ
________________________________
The information transmitted herein is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary and/or
privileged material. Any review, retransmission, dissemination or other use of,
or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received this
in error, please contact the sender and delete the material from any computer.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Opensaf-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Opensaf-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-users
