Bug 504531
Summary: | Normal users cannot run CPG clients if openais is started by cman. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Benjamin Kahn <bkahn> |
Component: | cman | Assignee: | Chris Feist <cfeist> |
Status: | CLOSED ERRATA | QA Contact: | Cluster QE <mspqa-list> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 5.3 | CC: | cfeist, cluster-maint, edamato, pm-eus, rlerch, sdake, tao |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | cman-2.0.98-1.el5_3.4 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-06-16 07:33:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 485469 | ||
Bug Blocks: |
Description
Benjamin Kahn
2009-06-08 01:17:04 UTC
This bugzilla is really two things - an RFE, which are not released in a z stream, and a legitimate bug fix. The legitimate bug fix is that a user with gid of ais can't access the aisexec. That bug is fixed. The RFE is that a user with a secondary gid of AIS (ie editing /etc/group and adding that user to the ais group) is not resolved by this bugzilla. We do not address RFEs in z stream releases. I believe the RFE feature you want is addressed in 5.4 via the uidgid.d overlay directory feature which was added. If you would also like gids in /etc/group file to be processed, you can open an RFE, but likely it wont be addressed until 5.5. 1. [nstraz@try sts-root]$ qarsh -l testmonkey z2 id 2. uid=500(testmonkey) gid=500(testmonkeys) groups=39(ais),500(testmonkeys) 3. [nstraz@try sts-root]$ qarsh -l root z2 usermod -g ais testmonkey 4. [nstraz@try sts-root]$ qarsh -l testmonkey z2 id 5. uid=500(testmonkey) gid=39(ais) groups=39(ais) 6. [nstraz@try sts-root]$ qarsh -l testmonkey z2 /usr/bin/cpgx -i 5 7. 1244754000 D: do join our_nodeid 2 8. 1244754000 H: 00000000 conf 1 1 0 memb 2 join 2 left 9. 1244754000 H: 00000001 time 2 tv 1244754000.171467 config 0 10. ... 11. [nstraz@try sts-root]$ qarsh -l root z2 usermod -g 500 testmonkey 12. [nstraz@try sts-root]$ qarsh -l testmonkey z2 id 13. uid=500(testmonkey) gid=500(testmonkeys) groups=39(ais),500(testmonkeys) 14. [nstraz@try sts-root]$ qarsh -l testmonkey z2 /usr/bin/cpgx -i 5 15. 1244754053 ERROR: cpg_initialize error 29 16. 1244754053 ERROR: is corosync running? Verified fixed with the above caveat, ais must be the user's initial login group, not a supplemental group. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1103.html |