[Pacemaker] crmsh doesn't respect the acl read permissions

Dejan Muhamedagic dejanmm at fastmail.fm
Mon Jul 8 04:19:53 EDT 2013


Hi,

On Mon, Jul 08, 2013 at 12:52:07AM +0200, emmanuel segura wrote:
> Hello List
> 
> Maybe this is the wrong list, but now I'm playing with pacemaker
> 1.10 and I see that crmsh doesn't respect the read permissions, as I
> show below
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> [root@nod01 ~]# id watch
> uid=505(watch) gid=100(users) groups=100(users),989(haclient)
> 
> [root@nod01 ~]# crm configure show | grep dc
>     dc-version="1.1.10-1.fc18-e04c603" \
>     dc-deadtime="30"
> 
> [root@nod01 ~]# su - watch
> [watch@nod01 ~]$ crm configure property dc-deadtime="60"
> [watch@nod01 ~]$ crm configure show | grep dc
>     dc-version="1.1.10-1.fc18-e04c603" \
>     dc-deadtime="60"

> My acl
> 
> role monitor \
>     read cib
> user watch \
>     role:monitor
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Did you also set:

crm configure property enable-acl=true

BTW, it is not crmsh but cib (the process) which evaluates the
ACL.

Thanks,

Dejan

> 
> 
> Thanks
> 
> 
> -- 
> this is my life and I live it for as long as God wills
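
An added example, not part of the original thread and not Pacemaker or crmsh code: a check for the situation raised in the reply above, ACL rules present in the CIB while `enable-acl` is not set to true. The CIB XML is constructed, and the `acl_role`/`acl_user` element names are an assumption about this Pacemaker version's ACL schema; on a cluster, pass in the output of `cibadmin --query` instead.

```python
import xml.etree.ElementTree as ET

# Values Pacemaker treats as boolean true for cluster properties.
TRUE_VALUES = {"true", "on", "yes", "y", "1"}

# Constructed CIB fragment (not from the thread). The acl_role/acl_user element
# names are an assumption about this Pacemaker version's ACL schema.
CIB_TEMPLATE = """<cib>
  <configuration>
    <crm_config>
      <cluster_property_set id="cib-bootstrap-options">
        <nvpair id="opt-dc-deadtime" name="dc-deadtime" value="30"/>
        {extra}
      </cluster_property_set>
    </crm_config>
    <acls>
      <acl_role id="monitor"><read id="monitor-read" tag="cib"/></acl_role>
      <acl_user id="watch"><role_ref id="monitor"/></acl_user>
    </acls>
  </configuration>
</cib>"""

def sample_cib(extra=""):
    """Return the constructed CIB, optionally with extra nvpair XML."""
    return CIB_TEMPLATE.format(extra=extra)

def enable_acl_value(root):
    """Return the enable-acl cluster property value, or None if unset."""
    path = "./configuration/crm_config/cluster_property_set/nvpair"
    for nvpair in root.iterfind(path):
        if nvpair.get("name") == "enable-acl":
            return nvpair.get("value")
    return None

def audit(cib_xml):
    """Report whether ACL entries exist and whether enable-acl turns them on."""
    root = ET.fromstring(cib_xml)
    value = enable_acl_value(root)
    enforced = (value or "").strip().lower() in TRUE_VALUES
    acls = root.find("./configuration/acls")
    entries = [] if acls is None else [(e.tag, e.get("id")) for e in acls]
    if not entries:
        finding = "no-acls-defined"
    else:
        finding = "acls-enforced" if enforced else "acls-defined-but-not-enforced"
    return {"enable_acl": value, "enforced": enforced,
            "acl_entries": entries, "finding": finding}

if __name__ == "__main__":
    print(audit(sample_cib()))
    print(audit(sample_cib('<nvpair id="opt-acl" name="enable-acl" value="true"/>')))
```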
