Bug 1196412
Summary: | pcs cluster start should go to pcsd if user is not root | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Chris Feist <cfeist> | ||||
Component: | pcs | Assignee: | Tomas Jelinek <tojeline> | ||||
Status: | CLOSED ERRATA | QA Contact: | cluster-qe <cluster-qe> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 7.2 | CC: | cluster-maint, rsteiger, sbradley, tojeline | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | pcs-0.9.140-1.el7 | Doc Type: | Bug Fix | ||||
Doc Text: |
Cause:
User is not logged in as root.
Consequence:
User is not able to create, start, stop, enable, disable, destroy a cluster, add and remove nodes using pcs commands.
Fix:
Redirect these commands to local pcsd, ask for login and password if the user is not authenticated yet.
Result:
User is able to run previously mentioned commands even if he/she is not root.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-11-19 09:34:57 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1158577 | ||||||
Attachments: |
|
Description
Chris Feist
2015-02-25 22:32:35 UTC
Created attachment 1029855 [details]
proposed fix
Test:
A non-root user is able to create, start, stop, enable, disable, destroy a cluster, add and remove nodes using pcs commands. If the user is not authenticated to the local pcsd he/she will be prompted for login and password automatically.
Before fix:
[user1@rh71-node1 ~]$ pcs cluster stop
Stopping Cluster (pacemaker)... Redirecting to /bin/systemctl stop pacemaker.service
Failed to issue method call: Access denied
Error: unable to stop pacemaker
[user1@rh71-node1 ~]$ echo $?
1
After fix:
[user1@rh71-node1 ~]$ pcs cluster stop
Please authenticate yourself to the local pcsd
Username: user1
Password:
localhost: Authorized
Stopping Cluster (pacemaker)... Stopping Cluster (corosync)...
[user1@rh71-node1 ~]$ pcs status nodes
Error: error running crm_mon, is pacemaker running?
[user1@rh71-node1 ~]$ pcs cluster start
Starting Cluster...
[user1@rh71-node1 ~]$ pcs status nodes
Pacemaker Nodes:
Online: rh71-node1 rh71-node2
Standby:
Offline:
Before Fix: [root@rh71-node1 ~]# rpm -q pcs pcs-0.9.137-13.el7_1.2.x86_64 [user1@rh71-node1 ~]$ pcs cluster start Starting Cluster... Redirecting to /bin/systemctl start corosync.service Failed to issue method call: Access denied Error: unable to start corosync After Fix: [root@rh71-node1:~]# rpm -q pcs pcs-0.9.140-1.el6.x86_64 [user1@rh71-node1 ~]$ pcs cluster start Please authenticate yourself to the local pcsd Username: hacluster Password: localhost: Authorized Starting Cluster... Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2290.html |