Bug 501337

Summary: RFE: Provide configurable uid based aisexec access
Product: Red Hat Enterprise Linux 5
Reporter: Justin Ross <jross>
Component: openais
Assignee: Jan Friesse <jfriesse>
Status: CLOSED ERRATA
QA Contact: Cluster QE <mspqa-list>
Severity: medium
Priority: medium
Version: 5.4
CC: aconway, agk, cluster-maint, djansa, edamato, fdinitto, rlerch, sdake
Target Milestone: rc
Hardware: All
OS: Linux
Fixed In Version: openais-0.80.6-2.e5_4
Doc Type: Bug Fix
Doc Text:
Cause: Users want to have more than one user, which can do IPC connection with OpenAIS
Consequence: Users couldn't have more than one user, which can do IPC connection with OpenAIS
Fix: Implement support for multiple uid/gid permissions
Result: Users now can have more than one user, which can do IPC connection with OpenAIS
Clone Of: 484047
Last Closed: 2009-09-02 11:30:24 UTC
Bug Depends On: 484047
Bug Blocks: 513501
Attachments: Backport of corosync trunk patch (flags: none)

Description Justin Ross 2009-05-18 15:54:07 UTC
Requesting this feature for inclusion in 5.4.  It simplifies the configuration of clustered qpid.

+++ This bug was initially created as a clone of Bug #484047 +++

At present, the qpid project sets the primary group of the qpidd daemon to openais in order to enable communication with aisexec.

We'd prefer to have some other means of doing this, because changing the group has implications for any system admin based on groups.

An alternative, where specific uids are granted access, was discussed in irc:

<sdake_> jross can i ask some questions about your requirements
<jross> sdake_, certainly
<sdake_> would putting a uid name in /etc/openais.conf be a suitable solution for you?
<jross> sdake_, yes, but it would be a little suboptimal from a packaging standpoint.  we'd prefer a way to dump some openais conf in something like /etc/openais.d/
<sdake_> so /etc/openais/security
<sdake_> and in that dir would contain a file qpid-uid
<jross> that would be great
<sdake_> and in qpid-uid would contain a uid for qpid?
<jross> yeah
<sdake_> ok

--- Additional comment from sdake on 2009-05-12 04:26:32 EDT ---

Honzaf is going to work on this feature for corosync trunk.  Need by May 15-20th.

--- Additional comment from sdake on 2009-05-18 09:17:09 EDT ---

ping if you want this RFE feature for rhel5.4; deadline is rapidly approaching to create a 5.4 rfe bugzilla and get it in the appropriate states.

Regards
-steve

--- Additional comment from jfriesse on 2009-05-18 09:52:34 EDT ---

Created an attachment (id=344438)
Patch fixing this problem

Section is named uidgid and can contain only uid and gid keys. Files should be placed in /etc/ais/uidgid.d/ (separate patch solves this, so every configuration is in /etc/corosync/uidgid.d)

--- Additional comment from sdake on 2009-05-18 11:50:32 EDT ---

This patch looks good for corosync commit along with your separate patch for /etc/corosync directory changes.

Keep in mind this is not a RHEL5.4 backport.
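
The uidgid drop-in files described in the comments above, read back by a small audit script that lists who is granted IPC access and flags files that look wrong. This is an added example, not code from the attached patch or from OpenAIS/corosync; the brace-and-colon section syntax, `#` comment lines, and the sample file names and contents are assumptions.

```python
import os
import stat
import tempfile

ALLOWED_KEYS = {"uid", "gid"}  # per the comment above, the only keys a uidgid section takes

def audit_uidgid_dir(path):
    """Return (grants, findings) for the files in a uidgid.d-style directory."""
    grants, findings = [], []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        mode = os.stat(full).st_mode
        if not stat.S_ISREG(mode):
            continue
        # Anyone who can write a file here can grant an account IPC access.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "writable by group or others"))
        in_section = False
        with open(full) as fh:
            for lineno, raw in enumerate(fh, 1):
                line = raw.strip()
                if not line or line.startswith("#"):  # assumed comment syntax
                    continue
                if "".join(line.split()) == "uidgid{":  # assumed section syntax
                    in_section = True
                elif line == "}":
                    in_section = False
                elif in_section and ":" in line:
                    key, value = (p.strip() for p in line.split(":", 1))
                    if key in ALLOWED_KEYS:
                        grants.append((name, key, value))
                    else:
                        findings.append((name, f"line {lineno}: unexpected key '{key}'"))
                else:
                    findings.append((name, f"line {lineno}: not inside a uidgid section"))
    return grants, findings

def demo():
    """Audit a constructed directory; file names and contents are sample data."""
    samples = {"qpidd": ("uidgid {\n    uid: qpidd\n    gid: qpidd\n}\n", 0o644),
               "stray": ("uidgid {\n    user: nobody\n}\n", 0o666)}
    with tempfile.TemporaryDirectory() as d:
        for name, (text, mode) in samples.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
            os.chmod(os.path.join(d, name), mode)
        return audit_uidgid_dir(d)
```

On a real host, call `audit_uidgid_dir()` with the directory named in the comment above and review every grant it returns against the accounts that are meant to reach aisexec.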

Comment 1 Jan Friesse 2009-05-20 13:18:31 UTC
Created attachment 344796
Backport of corosync trunk patch

Attached is proposed patch

Comment 2 Jan Friesse 2009-05-20 13:41:21 UTC
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: Users want to have more than one user, which can do IPC connection with OpenAIS
Consequence: Users couldn't have more than one user, which can do IPC connection with OpenAIS
Fix: Implement support for multiple uid/gid permissions
Result: Users now can have more than one user, which can do IPC connection with OpenAIS

Comment 7 errata-xmlrpc 2009-09-02 11:30:24 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1366.html