[Pacemaker] crmsh dosn't respect the acl read permissions

Andrew Beekhof andrew at beekhof.net
Tue Jul 9 07:09:11 UTC 2013 

On 09/07/2013, at 4:58 PM, emmanuel segura <emi2fast at gmail.com> wrote:

> Hello Andrew
> 
> please, can you tell me why?

Because its easy to turn on for anyone that wants it

> 
> Thanks
> 
> 
> 2013/7/9 Andrew Beekhof <andrew at beekhof.net>
> 
> On 09/07/2013, at 3:29 PM, emmanuel segura <emi2fast at gmail.com> wrote:
> 
> > Hi
> >
> > I compiled pacemaker using the following commands
> >
> > git clone git://github.com/ClusterLabs/pacemaker.git
> > cd pacemaker
> > make rpm-dep
> > make rpm
> >
> > But the acls are not enable by default?
> 
> no
> 
> >
> > Thanks
> >
> >
> >
> > 2013/7/9 Gao,Yan <ygao at suse.com>
> > Hi,
> > Was pacemaker built "--with-acl"? Is "acls" listed in the output of
> > "cibadmin -!"?
> >
> > Regards,
> >   Gao,Yan
> >
> > On 07/08/13 17:57, emmanuel segura wrote:
> > > Hi
> > >
> > > I did
> > >
> > > Thanks
> > >
> > >
> > > 2013/7/8 Dejan Muhamedagic <dejanmm at fastmail.fm
> > > <mailto:dejanmm at fastmail.fm>>
> > >
> > >     Hi,
> > >
> > >     On Mon, Jul 08, 2013 at 12:52:07AM +0200, emmanuel segura wrote:
> > >     > Hello List
> > >     >
> > >     > Maybe this is wrong the wrong list, but now i'm playing with pacemaker
> > >     > 1.10  and a i see the crmsh dosn't respeact the read permissions
> > >     like i
> > >     > show below
> > >     >
> > >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >     > [root at nod01 ~]# id watch
> > >     > uid=505(watch) gid=100(users) groups=100(users),989(haclient)
> > >     >
> > >     > [root at nod01 ~]# crm configure show | grep dc
> > >     >     dc-version="1.1.10-1.fc18-e04c603" \
> > >     >     dc-deadtime="30"
> > >     >
> > >     > [root at nod01 ~]# su - watch
> > >     > [watch at nod01 ~]$ crm configure property dc-deadtime="60"
> > >     > [watch at nod01 ~]$ crm configure show | grep dc
> > >     >     dc-version="1.1.10-1.fc18-e04c603" \
> > >     >     dc-deadtime="60"
> > >
> > >     > My acl
> > >     >
> > >     > role monitor \
> > >     >     read cib
> > >     > user watch \
> > >     >     role:monitor
> > >     >
> > >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >
> > >     Did you also set:
> > >
> > >     crm configure property enable-acl=true
> > >
> > >     BTW, it is not crmsh but cib (the process) which evaluates the
> > >     ACL.
> > >
> > >     Thanks,
> > >
> > >     Dejan
> > >
> > >     >
> > >     >
> > >     > Thanks
> > >     >
> > >     >
> > >     > --
> > >     > esta es mi vida e me la vivo hasta que dios quiera
> > >
> > >     > _______________________________________________
> > >     > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > >     <mailto:Pacemaker at oss.clusterlabs.org>
> > >     > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> > >     >
> > >     > Project Home: http://www.clusterlabs.org
> > >     > Getting started:
> > >     http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > >     > Bugs: http://bugs.clusterlabs.org
> > >
> > >
> > >     _______________________________________________
> > >     Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > >     <mailto:Pacemaker at oss.clusterlabs.org>
> > >     http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> > >
> > >     Project Home: http://www.clusterlabs.org
> > >     Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > >     Bugs: http://bugs.clusterlabs.org
> > >
> > >
> > >
> > >
> > > --
> > > esta es mi vida e me la vivo hasta que dios quiera
> > >
> > >
> > > _______________________________________________
> > > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> > >
> > > Project Home: http://www.clusterlabs.org
> > > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > > Bugs: http://bugs.clusterlabs.org
> > >
> >
> > --
> > Gao,Yan <ygao at suse.com>
> > Software Engineer
> > China Server Team, SUSE.
> >
> > _______________________________________________
> > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> > Project Home: http://www.clusterlabs.org
> > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > Bugs: http://bugs.clusterlabs.org
> >
> >
> >
> > --
> > esta es mi vida e me la vivo hasta que dios quiera
> > _______________________________________________
> > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> > Project Home: http://www.clusterlabs.org
> > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > Bugs: http://bugs.clusterlabs.org
> 
> 
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
> 
> 
> 
> -- 
> esta es mi vida e me la vivo hasta que dios quiera
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org

More information about the Pacemaker mailing list