Bug 680748

Summary: [RFE] Named resource agent should run named as the named user, not root.
Product: Red Hat Enterprise Linux 6 Reporter: Colin.Simpson
Component: resource-agentsAssignee: Chris Feist <cfeist>
Status: CLOSED WONTFIX QA Contact: Cluster QE <mspqa-list>
Severity: low Docs Contact:
Priority: medium    
Version: 6.0CC: cluster-maint, djansa, lhh, rdassen
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 711586 (view as bug list) Environment:
Last Closed: 2011-06-24 20:34:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 693781, 711586, 987587    

Description Colin.Simpson 2011-02-27 13:56:02 UTC 
The resource agent for named could do with enhancement.

(my testing here is based on adding in the missing /usr/share/cluster/utils/named-parse-config.pl which has a bug entry that is being actioned already)

This agent is great but could benefit from a few changes. 

1/ It runs the daemon as root. This isn't desirable. There isn't much required to change this. Passing named daemon launch line a "-u named" and chowning the directory that holds the pid file seems to be enough (I did this with a chown named:named `dirname $NAMED_pid_file`, after the creation routine there is probably a cleaner way, it may even be better to chgrp and chmod g+w, haven't checked).

2/ Even though this agent changes the listen address to match the IP address of passed to the service. Zone Transfers etc always come from the main IP of the node running the service. This isn't perfect as these are often secured by source IP (on the up level boxes) (and this is a hassle if a large number of nodes in the cluster) and it is confusing that it isn't the cluster service IP. 

The resource script should probably (even if by an option) change not just listen-on but set "transfer-source", "query-source", "notify-source". There maybe others.

I have looked at Fedora 14's named resource agent and it doesn't seem to have these features so this query maybe an upstream one. But I'm not sure what the the upstream is for this?
Comment 2 Perry Myers 2011-02-27 14:49:15 UTC 
(In reply to comment #0)
> I have looked at Fedora 14's named resource agent and it doesn't seem to have
> these features so this query maybe an upstream one. But I'm not sure what the
> the upstream is for this?

@Colin: resource agents are used in a variety of upstream distros, but if you're interested in getting this fixed upstream best place to file a bug would be Fedora against the resource-agents package.  When Fedora has this fixed, we can look at pulling the fixes into RHEL.
Comment 3 Colin.Simpson 2011-02-27 17:19:57 UTC 
That's cool, I have added a Bug #680775 for Fedora to hopefully action. 

And I have opened a SR#428006 with support pointing at this bug report.

Thanks
Comment 6 Chris Feist 2011-06-07 20:00:40 UTC 
Updating bz to refer to issue #1.  Making sure the named daemon runs as the user "named" instead of root.  Issue #2 has been moved to bz#711586.
Comment 8 Chris Feist 2011-06-24 20:34:05 UTC 
After digging deeper into getting the agent to run as named, there can potentially be issues if named has already been run as the root user.  It's possible that some of the bind configuration files will not have the correct permissions which would break an upgrade.

However, there is a simple workaround.  Add the option 'named_options="-u named"' to the named service in your cluster.conf file and the service will be run as the user 'named'.

Closing this as WONTFIX for now as an upgrade will likely break current installs, and there is a simple workaround.