Bug 485469
| Summary: | Normal users cannot run CPG clients if openais is started by cman. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Alan Conway <aconway> |
| Component: | cman | Assignee: | Christine Caulfield <ccaulfie> |
| Status: | CLOSED ERRATA | QA Contact: | Cluster QE <mspqa-list> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 5.3 | CC: | cfeist, cluster-maint, cward, edamato, rlerch, tao |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | cman-2.0.100-1.el5 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: cman set the objdb keys "user" and "group" to the value "root" so that only root could access openais services.
Consequence: Any user other than root that tried to run service that connected to openais would be rejected as a privilege violation.
Fix: The values of "user" and "group" were set to be "ais"
Result: Users that are a member of the "ais" group can now run openais service programs
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-02 11:06:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 504531 | ||
|
Description
Alan Conway
2009-02-13 17:23:25 UTC
The fix is trivial, and in Fedora 10. If you really need this in RHEL-5 we'll need some ACKs. Committed for RHEL5.4
commit 49e8d4b32390184b1794b90b11865d8d60ee352d
Author: Christine Caulfield <ccaulfie>
Date: Fri Mar 27 15:23:30 2009 +0000
cman: Allow connections from unprivileged user/group "ais"
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: cman set the objdb keys "user" and "group" to the value "root" so that only root could access openais services. Consequence: Any user other than root that tried to run service that connected to openais would be rejected as a privilege violation. Fix: The values of "user" and "group" were set to be "ais" Result: Users that are a member of the "ais" group can now run openais service programs ~~ Attention - RHEL 5.4 Beta Released! ~~ RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner! If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value. Questions can be posted to this bug or your customer or partner representative. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1341.html |