How to run heartbeat and pacemaker resources as a non-root user
Hello,

I need to run heartbeat and pacemaker resources as non-root users.
When I try to run heartbeat as a "hacluster" user, it fails to run with the
following error:

"Starting High-Availability services: chmod: changing permissions of
`/var/run/heartbeat/rsctmp': Operation not permitted
Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"

I have tried changing ownership and permissions for the above directories
and files but still the same result.

Can somebody help me in this?

Thanks and regards
Neha Chatrath
Re: How to run heartbeat and pacemaker resources as a non-root user
On Mon, Feb 20, 2012 at 2:39 PM, neha chatrath <nehachatrath@gmail.com> wrote:
> Hello,
>
> I need to run heartbeat and pacemaker resources as non-root users.
> When I try to run heartbeat as a "hacluster" user,

That probably won't work. We already try to drop as much privilege as
we can, but some processes need to be root or they can't do anything -
like add an IP address to a machine.

> it fails to run with the
> following error:
>
> "Starting High-Availability services: chmod: changing permissions of
> `/var/run/heartbeat/rsctmp': Operation not permitted
> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"
>
> I have tried changing ownership and permissions for the above directories
> and files but still the same result.
>
> Can somebody help me in this?
>
> Thanks and regards
> Neha Chatrath
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>

Re: How to run heartbeat and pacemaker resources as a non-root user
Hello,

Thanks for the reply.
I have been successfully using Heartbeat as a root user.
But I have a system requirement for which I need to run my different custom
applications (configured using crm) as a non root user.
Can this be done?

Regards
Neha Chatrath

Date: Mon, 20 Feb 2012 22:05:30 +1100
From: Andrew Beekhof <andrew@beekhof.net>
To: The Pacemaker cluster resource manager <pacemaker@oss.clusterlabs.org>
Subject: Re: [Pacemaker] How to run heartbeat and pacemaker resources as a non-root user
Message-ID: <CAEDLWG2OK25f4jRg8Y0KWsgC6n35_bzzDy6np+EGK0TUtJGB-A@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Feb 20, 2012 at 2:39 PM, neha chatrath <nehachatrath@gmail.com> wrote:
> Hello,
>
> I need to run heartbeat and pacemaker resources as non-root users.
> When I try to run heartbeat as a "hacluster" user,

That probably won't work. We already try to drop as much privilege as
we can, but some processes need to be root or they can't do anything -
like add an IP address to a machine.

> it fails to run with the
> following error:
>
> "Starting High-Availability services: chmod: changing permissions of
> `/var/run/heartbeat/rsctmp': Operation not permitted
> Done. touch: cannot touch `/var/lock/subsys/heartbeat': Permission denied"
>
> I have tried changing ownership and permissions for the above directories
> and files but still the same result.
>
> Can somebody help me in this?
>
> Thanks and regards
> Neha Chatrath


Re: How to run heartbeat and pacemaker resources as a non-root user
On Tue, Feb 21, 2012 at 2:41 PM, neha chatrath <nehachatrath@gmail.com> wrote:
> Hello,
>
> Thanks for the reply.
> I have been successfully using Heartbeat as a root user.
> But I have a system requirement for which I need to run my different custom
> applications (configured using crm) as a non root user.
> Can this be done?

"su - otheruser" in the resource agent
have a look in the existing agents for how they do it

>
> Regards
> Neha Chatrath

Re: How to run heartbeat and pacemaker resources as a non-root user
On Fri, Feb 24, 2012 at 10:28:05AM +1100, Andrew Beekhof wrote:
> On Tue, Feb 21, 2012 at 2:41 PM, neha chatrath <nehachatrath@gmail.com> wrote:
> > Hello,
> >
> > Thanks for the reply.
> > I have been successfully using Heartbeat as a root user.
> > But I have a system requirement for which I need to run my different custom
> > applications (configured using crm) as a non root user.
> > Can this be done?
>
> "su - otheruser" in the resource agent
> have a look in the existing agents for how they do it

Maybe we should add a "user" option to the ocf_run() helper?

--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com

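
The "su - otheruser" approach suggested in the thread, sketched as an added example that is not part of any message above and is not code from the resource-agents project. The helper names (run_as_user, sh_quote, app_start), the "appuser" account, the paths and the OCF_RESKEY_user/binary/config parameters are assumptions; the point shown is quoting every argument before it reaches the shell that su starts, since the agent itself runs as root.

```shell
#!/bin/sh
# Added example, not code from resource-agents. run_as_user, sh_quote, app_start
# and the OCF_RESKEY_user/binary/config parameters are hypothetical names.

OCF_ERR_PERM=4         # standard OCF exit codes
OCF_ERR_INSTALLED=5

# Single-quote one argument so it survives the extra shell that "su -c" starts.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# run_as_user USER CMD [ARG...]: run CMD as USER from an agent started by root.
run_as_user() {
    user=$1; shift
    target_uid=$(id -u "$user" 2>/dev/null) || return $OCF_ERR_INSTALLED
    if [ "$(id -u)" = "$target_uid" ]; then
        "$@"                                  # already that user, no su needed
        return $?
    fi
    [ "$(id -u)" -eq 0 ] || return $OCF_ERR_PERM   # only root can switch users
    cmd=
    for arg in "$@"; do
        cmd="$cmd $(sh_quote "$arg")"         # never paste raw parameters
    done
    su - "$user" -c "$cmd"
}

# "start" action of a custom agent: values come from the CIB, treat them as data.
app_start() {
    run_as_user "${OCF_RESKEY_user:-appuser}" \
        "${OCF_RESKEY_binary:-/opt/app/bin/appd}" \
        --config "${OCF_RESKEY_config:-/etc/app/app.conf}"
}
```

Because "su -" starts a login shell with a fresh environment, the OCF_* variables are not visible to the application, so anything it needs has to be passed as an argument as done here.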