Re: [Pacemaker] How to run heartbeat and pacemaker resources as a non-root user
On Fri, Feb 24, 2012 at 10:28:05AM +1100, Andrew Beekhof wrote: > On Tue, Feb 21, 2012 at 2:41 PM, neha chatrath wrote: > > Hello, > > > > Thanks for the reply. > > I have been successfully using Heartbeat as a root user. > > But I have a system requirement for which I need to run my different custom > > applications (configured using crm) as a non root user. > > Can this be done? > > "su - otheruser" in the resource agent > have a look in the existing agents for how they do it Maybe we should add a "user" option to the ocf_run() helper? -- : Lars Ellenberg : LINBIT | Your Way to High Availability : DRBD/HA support and consulting http://www.linbit.com ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
Re: [Pacemaker] How to run heartbeat and pacemaker resources as a non-root user
On Tue, Feb 21, 2012 at 2:41 PM, neha chatrath wrote: > Hello, > > Thanks for the reply. > I have been successfully using Heartbeat as a root user. > But I have a system requirement for which I need to run my different custom > applications (configured using crm) as a non root user. > Can this be done? "su - otheruser" in the resource agent have a look in the existing agents for how they do it > > Regards > Neha Chatrath > > Date: Mon, 20 Feb 2012 22:05:30 +1100 > From: Andrew Beekhof > To: The Pacemaker cluster resource manager > > > Subject: Re: [Pacemaker] How to run heartbeat and pacemaker resources > as a non-root user > Message-ID: > > Content-Type: text/plain; charset=ISO-8859-1 > > > On Mon, Feb 20, 2012 at 2:39 PM, neha chatrath > wrote: >> Hello, >> >> I need to run heartbeat and pacemaker resources as non-root users. >> When I try to run heartbeat as a "hacluster" user, > > That probably wont work. We already try to drop as much privilege as > we can, but some processes need to be root or that can't do anything - > like add an IP address to a machine. > >> it fails to run with the >> following error: >> >> "Starting High-Availability services: chmod: changing permissions of >> `/var/run/heartbeat/rsctmp': Operation not permitted >> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied" >> >> I have tried changing ownership and permissions for the above directories >> and files but still the same result. >> >> Can somebody help me in this? >> >> Thanks and regards >> Neha Chatrath > > > On Mon, Feb 20, 2012 at 9:09 AM, neha chatrath > wrote: >> >> Hello, >> >> I need to run heartbeat and pacemaker resources as non-root users. >> When I try to run heartbeat as a "hacluster" user, it fails to run with >> the following error: >> >> "Starting High-Availability services: chmod: changing permissions of >> `/var/run/heartbeat/rsctmp': Operation not permitted >> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied" >> >> I have tried changing ownership and permissions for the above directories >> and files but still the same result. >> >> Can somebody help me in this? >> >> Thanks and regards >> Neha Chatrath >> > > > > > > ___ > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org > http://oss.clusterlabs.org/mailman/listinfo/pacemaker > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org > ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
Re: [Pacemaker] How to run heartbeat and pacemaker resources as a non-root user
Hello, Thanks for the reply. I have been successfully using Heartbeat as a root user. But I have a system requirement for which I need to run my different custom applications (configured using crm) as a non root user. Can this be done? Regards Neha Chatrath Date: Mon, 20 Feb 2012 22:05:30 +1100 From: Andrew Beekhof To: The Pacemaker cluster resource manager Subject: Re: [Pacemaker] How to run heartbeat and pacemaker resources as a non-root user Message-ID: Content-Type: text/plain; charset=ISO-8859-1 On Mon, Feb 20, 2012 at 2:39 PM, neha chatrath wrote: > Hello, > > I need to run heartbeat and pacemaker resources as non-root users. > When I try to run heartbeat as a "hacluster" user, That probably wont work. We already try to drop as much privilege as we can, but some processes need to be root or that can't do anything - like add an IP address to a machine. > it fails to run with the > following error: > > "Starting High-Availability services: chmod: changing permissions of > `/var/run/heartbeat/rsctmp': Operation not permitted > Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied" > > I have tried changing ownership and permissions for the above directories > and files but still the same result. > > Can somebody help me in this? > > Thanks and regards > Neha Chatrath On Mon, Feb 20, 2012 at 9:09 AM, neha chatrath wrote: > Hello, > > I need to run heartbeat and pacemaker resources as non-root users. > When I try to run heartbeat as a "hacluster" user, it fails to run with > the following error: > > "Starting High-Availability services: chmod: changing permissions of > `/var/run/heartbeat/rsctmp': Operation not permitted > Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied" > > I have tried changing ownership and permissions for the above directories > and files but still the same result. > > Can somebody help me in this? > > Thanks and regards > Neha Chatrath > > ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
Re: [Pacemaker] How to run heartbeat and pacemaker resources as a non-root user
On Mon, Feb 20, 2012 at 2:39 PM, neha chatrath wrote: > Hello, > > I need to run heartbeat and pacemaker resources as non-root users. > When I try to run heartbeat as a "hacluster" user, That probably wont work. We already try to drop as much privilege as we can, but some processes need to be root or that can't do anything - like add an IP address to a machine. > it fails to run with the > following error: > > "Starting High-Availability services: chmod: changing permissions of > `/var/run/heartbeat/rsctmp': Operation not permitted > Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied" > > I have tried changing ownership and permissions for the above directories > and files but still the same result. > > Can somebody help me in this? > > Thanks and regards > Neha Chatrath > > > ___ > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org > http://oss.clusterlabs.org/mailman/listinfo/pacemaker > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org > ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
