Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux-HA: Pacemaker

How to run heartbeat and pacemaker resources as a non-root user

 

 

Linux-HA pacemaker RSS feed   Index | Next | Previous | View Threaded


nehachatrath at gmail

Feb 19, 2012, 7:39 PM

Post #1 of 5 (771 views)
Permalink
How to run heartbeat and pacemaker resources as a non-root user

Hello,

I need to run heartbeat and pacemaker resources as non-root users.
When I try to run heartbeat as a "hacluster" user, it fails to run with the
following error:

"Starting High-Availability services: chmod: changing permissions of
`/var/run/heartbeat/rsctmp': Operation not permitted
Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"

I have tried changing ownership and permissions for the above directories
and files but still the same result.

Can somebody help me in this?

Thanks and regards
Neha Chatrath


andrew at beekhof

Feb 20, 2012, 3:05 AM

Post #2 of 5 (728 views)
Permalink
Re: How to run heartbeat and pacemaker resources as a non-root user [In reply to]

On Mon, Feb 20, 2012 at 2:39 PM, neha chatrath <nehachatrath [at] gmail> wrote:
> Hello,
>
> I need to run heartbeat and pacemaker resources as non-root users.
> When I try to run heartbeat as a "hacluster" user,

That probably wont work. We already try to drop as much privilege as
we can, but some processes need to be root or that can't do anything -
like add an IP address to a machine.

> it fails to run with the
> following error:
>
> "Starting High-Availability services: chmod: changing permissions of
> `/var/run/heartbeat/rsctmp': Operation not permitted
> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"
>
> I have tried changing ownership and permissions for the above directories
> and files but still the same result.
>
> Can somebody help me in this?
>
> Thanks and regards
> Neha Chatrath
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker [at] oss
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>

_______________________________________________
Pacemaker mailing list: Pacemaker [at] oss
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org


nehachatrath at gmail

Feb 20, 2012, 7:41 PM

Post #3 of 5 (736 views)
Permalink
Re: How to run heartbeat and pacemaker resources as a non-root user [In reply to]

Hello,

Thanks for the reply.
I have been successfully using Heartbeat as a root user.
But I have a system requirement for which I need to run my different custom
applications (configured using crm) as a non root user.
Can this be done?

Regards
Neha Chatrath

Date: Mon, 20 Feb 2012 22:05:30 +1100
From: Andrew Beekhof <andrew [at] beekhof>
To: The Pacemaker cluster resource manager
<pacemaker [at] oss
>
Subject: Re: [Pacemaker] How to run heartbeat and pacemaker resources
as a non-root user
Message-ID:
<CAEDLWG2OK25f4jRg8Y0KWsgC6n35_bzzDy6np+EGK0TUtJGB-A [at] mail>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Feb 20, 2012 at 2:39 PM, neha chatrath <nehachatrath [at] gmail>
wrote:
> Hello,
>
> I need to run heartbeat and pacemaker resources as non-root users.
> When I try to run heartbeat as a "hacluster" user,

That probably wont work. We already try to drop as much privilege as
we can, but some processes need to be root or that can't do anything -
like add an IP address to a machine.

> it fails to run with the
> following error:
>
> "Starting High-Availability services: chmod: changing permissions of
> `/var/run/heartbeat/rsctmp': Operation not permitted
> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"
>
> I have tried changing ownership and permissions for the above directories
> and files but still the same result.
>
> Can somebody help me in this?
>
> Thanks and regards
> Neha Chatrath


On Mon, Feb 20, 2012 at 9:09 AM, neha chatrath <nehachatrath [at] gmail>wrote:

> Hello,
>
> I need to run heartbeat and pacemaker resources as non-root users.
> When I try to run heartbeat as a "hacluster" user, it fails to run with
> the following error:
>
> "Starting High-Availability services: chmod: changing permissions of
> `/var/run/heartbeat/rsctmp': Operation not permitted
> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"
>
> I have tried changing ownership and permissions for the above directories
> and files but still the same result.
>
> Can somebody help me in this?
>
> Thanks and regards
> Neha Chatrath
>
>


andrew at beekhof

Feb 23, 2012, 3:28 PM

Post #4 of 5 (728 views)
Permalink
Re: How to run heartbeat and pacemaker resources as a non-root user [In reply to]

On Tue, Feb 21, 2012 at 2:41 PM, neha chatrath <nehachatrath [at] gmail> wrote:
> Hello,
>
> Thanks for the reply.
> I have been successfully using Heartbeat as a root user.
> But I have a system requirement for which I need to run my different custom
> applications  (configured using crm)  as a non root user.
> Can this be done?

"su - otheruser" in the resource agent
have a look in the existing agents for how they do it

>
> Regards
> Neha Chatrath
>
> Date: Mon, 20 Feb 2012 22:05:30 +1100
> From: Andrew Beekhof <andrew [at] beekhof>
> To: The Pacemaker cluster resource manager
>        <pacemaker [at] oss
>>
> Subject: Re: [Pacemaker] How to run heartbeat and pacemaker resources
>        as a non-root user
> Message-ID:
>        <CAEDLWG2OK25f4jRg8Y0KWsgC6n35_bzzDy6np+EGK0TUtJGB-A [at] mail>
> Content-Type: text/plain; charset=ISO-8859-1
>
>
> On Mon, Feb 20, 2012 at 2:39 PM, neha chatrath <nehachatrath [at] gmail>
> wrote:
>> Hello,
>>
>> I need to run heartbeat and pacemaker resources as non-root users.
>> When I try to run heartbeat as a "hacluster" user,
>
> That probably wont work.  We already try to drop as much privilege as
> we can, but some processes need to be root or that can't do anything -
> like add an IP address to a machine.
>
>> it fails to run with the
>> following error:
>>
>> "Starting High-Availability services: chmod: changing permissions of
>> `/var/run/heartbeat/rsctmp': Operation not permitted
>> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"
>>
>> I have tried changing ownership and permissions for the above directories
>> and files but still the same result.
>>
>> Can somebody help me in this?
>>
>> Thanks and regards
>> Neha Chatrath
>
>
> On Mon, Feb 20, 2012 at 9:09 AM, neha chatrath <nehachatrath [at] gmail>
> wrote:
>>
>> Hello,
>>
>> I need to run heartbeat and pacemaker resources as non-root users.
>> When I try to run heartbeat as a "hacluster" user, it fails to run with
>> the following error:
>>
>> "Starting High-Availability services: chmod: changing permissions of
>> `/var/run/heartbeat/rsctmp': Operation not permitted
>> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"
>>
>> I have tried changing ownership and permissions for the above directories
>> and files but still the same result.
>>
>> Can somebody help me in this?
>>
>> Thanks and regards
>> Neha Chatrath
>>
>
>
>
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker [at] oss
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>

_______________________________________________
Pacemaker mailing list: Pacemaker [at] oss
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org


lars.ellenberg at linbit

Feb 24, 2012, 4:24 AM

Post #5 of 5 (723 views)
Permalink
Re: How to run heartbeat and pacemaker resources as a non-root user [In reply to]

On Fri, Feb 24, 2012 at 10:28:05AM +1100, Andrew Beekhof wrote:
> On Tue, Feb 21, 2012 at 2:41 PM, neha chatrath <nehachatrath [at] gmail> wrote:
> > Hello,
> >
> > Thanks for the reply.
> > I have been successfully using Heartbeat as a root user.
> > But I have a system requirement for which I need to run my different custom
> > applications  (configured using crm)  as a non root user.
> > Can this be done?
>
> "su - otheruser" in the resource agent
> have a look in the existing agents for how they do it

Maybe we should add a "user" option to the ocf_run() helper?

--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com

_______________________________________________
Pacemaker mailing list: Pacemaker [at] oss
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Linux-HA pacemaker RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.