[ClusterLabs] permissions under /etc/corosync/qnetd
Jan Friesse
jfriesse at redhat.com
Tue Nov 8 05:15:59 EST 2016
Ferenc Wágner napsal(a):
> Jan Friesse <jfriesse at redhat.com> writes:
>
>> Ferenc Wágner napsal(a):
>>
>>> Have you got any plans/timeline for 2.4.2 yet?
>>
>> Yep, I'm going to release it in few minutes/hours.
>
> Man, that was quick. I've got a bunch of typo fixes queued..:) Please
> consider announcing upcoming releases a couple of days in advance; as a
> packager, I'd much appreciate it. Maybe even tag release candidates...
We are tagging RC of big releases. This release was super small (eventho
breaking compatibility). And actually, it's better to be released rather
sooner than later. I will definitively think about RC of smaller
releases (2.3.x -> 2.4.x).
>
> Anyway, I've got a question concerning corosync-qnetd. I run it as
> user and group coroqnetd. Is granting it read access to cert8.db and
> key3.db enough for proper operation? corosync-qnetd-certutil gives
Should be, but it's not tested.
> write access to group coroqnetd to everything, which seems unintuitive
Yep. Idea is to allow scenario of qnetd administrator role. So basically
regular (non-root) user within coroqnetd group without root passwd
knowledge/sudo administering qnetd.
> to me. Please note that I've got zero experience with NSS. But I don't
> expect the daemon to change the certificate database. Should I?
Nope it shouldn't.
Regards,
Honza
>
More information about the Users
mailing list