[Pacemaker] Can't issue 'crm configure' commands under privileged user
Dejan Muhamedagic
dejanmm at fastmail.fm
Fri Sep 28 09:50:06 UTC 2012
Hi,
On Thu, Sep 27, 2012 at 04:40:15PM +0200, Lars Marowsky-Bree wrote:
> On 2012-09-27T14:57:08, Colin McCormack <colin.mccormack at openet.com> wrote:
>
> > I installed pacemaker/corosync as root (details below):
> > Pacemaker version 1.0.12, release 1.el5.centos, x86_64
> > Corosync version 1.2.7, release 1.1.el5, x86_64
>
> You have the user in the haclient group, and thus it should be able to
> control the cluster. Perhaps
>
> > Allow user with privileged access to configure the node:
> > crm options user colinlinux
>
> This doesn't "allow" the user to configure the cluster, but runs all
> commands from crm as this user (even if running as root). I'm not sure
> this is very well tested.
It should be. I'm using it most of the time myself.
> > WITH SUDO:
> > colinlinux# sudo crm configure primitive xclock ocf:tester:xclock op monitor interval=20 timeout=20 start-delay=30s params run_user=colinlinux meta failure-timeout="360" migration-threshold=5
> > error given:
> > # cibadmin not available, check your installation
>
> I have the impression that the user colinlinux doesn't have /usr/sbin in
> its path.
Definitely.
> If you want to restrict the commands that a non-root user can execute on
> the cluster, check out the CIB and the shell's ACL support.
This could be a slightly different use case. The shell runs most
of the time as the real user, then doing sudo just when invoking
cibadmin and perhaps a few more things.
Cheers,
Dejan
> Regards,
> Lars
>
> --
> Architect Storage/HA
> SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg)
> "Experience is the name everyone gives to their mistakes." -- Oscar Wilde
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
More information about the Pacemaker
mailing list