[Linux-HA] Pacemaker runs daemons as root
dejanmm at fastmail.fm
Thu Jun 19 03:16:15 MDT 2008
On Wed, Jun 18, 2008 at 10:56:22PM +0200, Andrew Beekhof wrote:
> On Wed, Jun 18, 2008 at 22:50, Serge Dubrouski <sergeyfd at gmail.com> wrote:
> > On Wed, Jun 18, 2008 at 2:47 PM, Andrew Beekhof <beekhof at gmail.com> wrote:
> >> On Wed, Jun 18, 2008 at 20:43, Serge Dubrouski <sergeyfd at gmail.com> wrote:
> >>> Here is some additional info from the log file:
> >>> heartbeat: 2008/06/18_14:38:16 info: respawn directive: root /usr/lib/heartbeat/lrmd -r
> >>> heartbeat: 2008/06/18_14:38:18 info: Starting child client "/usr/lib/heartbeat/lrmd -r" (0,0)
> >>> heartbeat: 2008/06/18_14:38:18 info: Starting "/usr/lib/heartbeat/lrmd -r" as uid 0 gid 0 (pid 5569)
> >>> Why would it start a child process as root?
> >> particularly for the lrmd - it must be run as root in order to be able
> >> to run the RAs.
> > On old systems it drops own privileges to "nobody" and still can
> > control all those things, don't know how.
> I think it asks for root privs back (return_to_orig_privs() ), spawns
> the RA process and drops them again.
Right. It runs all the time as user nobody, then raises
privileges when it's about to fork/exec a resource agent.
> But as you pointed out, that only works if CAN_DROP_PRIVS is defined/working.
I guess that this is the culprit.
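
The raise / spawn / drop cycle discussed in this thread, sketched in C as an added example: it is not heartbeat's or lrmd's code, and the names priv_drop, priv_raise, priv_lower and run_agent are hypothetical. It assumes POSIX seteuid/setegid with a saved set-user-ID; the raise step can only regain root if the process was started as root.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static uid_t orig_euid, low_euid;   /* identity at startup / identity while idle */
static gid_t orig_egid, low_egid;
/* Change only the effective IDs; the saved set-user-ID keeps the original
 * identity so it can be reclaimed. Group first, while still privileged. */
int priv_drop(uid_t uid, gid_t gid)
{
    orig_euid = geteuid(); orig_egid = getegid();
    low_euid = uid; low_egid = gid;
    if (setegid(gid) != 0) return -1;
    if (seteuid(uid) != 0) { setegid(orig_egid); return -1; }
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Reclaim the original effective IDs: user first, so setegid is permitted. */
int priv_raise(void)
{
    if (seteuid(orig_euid) != 0 || setegid(orig_egid) != 0) return -1;
    return (geteuid() == orig_euid && getegid() == orig_egid) ? 0 : -1;
}

/* Go back to the unprivileged IDs once the child has been spawned. */
int priv_lower(void)
{
    if (setegid(low_egid) != 0 || seteuid(low_euid) != 0) return -1;
    return (geteuid() == low_euid && getegid() == low_egid) ? 0 : -1;
}

/* Raise, fork/exec the agent, lower again in the parent, return its exit code. */
int run_agent(char *const argv[])
{
    int status; pid_t pid;
    if (priv_raise() != 0) return -1;
    pid = fork();
    if (pid == 0) { execv(argv[0], argv); _exit(127); }
    if (priv_lower() != 0) return -1;   /* caller must treat this as fatal */
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = {"/bin/sh", "-c", "exit 0", NULL}; /* constructed stand-in for an RA */
    if (priv_drop(geteuid(), getegid()) != 0) return 1; /* a daemon would pass nobody's IDs */
    return run_agent(argv);
}
```

A temporary drop like this limits accidental use of root between agent invocations, but code running inside the daemon can take the raise path itself, so it is not a barrier against compromise of the daemon.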