dejanmm at fastmail
Jul 29, 2008, 5:18 AM
Post #2 of 3
(209 views)
Permalink
|
Hi Keisuke-san,
On Tue, Jul 29, 2008 at 08:03:18PM +0900, Keisuke MORI wrote:
> Dejan,
>
> BasicSanityCheck fails by the permission test of RA
> because ocf-tester returns an error at below (line 175)
> if nobody user was not allowed to login.
>
> su nobody $agent $action > /dev/null
>
> [root[at]cupertino]# su nobody /usr/lib/ocf/resource.d/heartbeat/Dummy meta-data
> This account is currently not available.
> [root[at]cupertino]# grep nobody /etc/passwd
> nobody:x:99:99:Nobody:/:/sbin/nologin
>
>
> How about to use the hacluster user instead as attached?
That won't help. nobody was chosen because lrmd runs the
meta-data action as nobody. The problem here is that su(1)
requires a shell whereas lrmd doesn't. It looks like the -s
option could help. Just pushed a patch. Could you please test it
too.
Thanks,
Dejan
> Thanks,
> --
> Keisuke MORI
> NTT DATA Intellilink Corporation
>
Content-Description: ocf-tester.patch
> diff -r a8b2fc037b29 tools/ocf-tester.in
> --- a/tools/ocf-tester.in Thu Jul 17 17:01:29 2008 +0900
> +++ b/tools/ocf-tester.in Tue Jul 29 19:58:04 2008 +0900
> @@ -168,11 +168,11 @@ lrm_test_command() {
>
> test_permissions() {
> action=meta-data
> - msg=${1:-"Testing permissions with uid nobody"}
> + msg=${1:-"Testing permissions with uid @HA_CCMUSER@"}
> if [ $verbose -ne 0 ]; then
> echo $msg
> fi
> - su nobody $agent $action > /dev/null
> + su @HA_CCMUSER@ $agent $action > /dev/null
> }
>
> test_metadata() {
> _______________________________________________________
> Linux-HA-Dev: Linux-HA-Dev[at]lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev[at]lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
|
ocf-tester.patch
