Hello Ken,

Thanks for taking the time.

>In addition, Pacemaker's configuration (CIB) is readable and writable
>only by root. Users may optionally be added to the haclient group to
>gain read/write access, and ACLs may optionally be configured to
>restrict that access to specific portions.

That's a good point; my security guys will end up asking where this CIB is 
stored and how it is protected.
I did not check yet, but I assumed that it's somewhere on the filesystem, as 
you said, owned and writable only by root.

I think I saw that the pacemaker exec processes, e.g. pacemaker-execd, seem to 
use shared memory to communicate with each other.
And I assume this shared memory contains the CIB and that it is stored on disk 
also. Not really a security issue, just interesting.

regards
Angelo
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/