Created attachment 1029855 [details]
proposed fix

Test:
A non-root user is able to create, start, stop, enable, disable, destroy a cluster, add and remove nodes using pcs commands. If the user is not authenticated to the local pcsd he/she will be prompted for login and password automatically.

Before fix:
[user1@rh71-node1 ~]$ pcs cluster stop
Stopping Cluster (pacemaker)... Redirecting to /bin/systemctl stop  pacemaker.service
Failed to issue method call: Access denied
Error: unable to stop pacemaker
[user1@rh71-node1 ~]$ echo $?
1

After fix:
[user1@rh71-node1 ~]$ pcs cluster stop
Please authenticate yourself to the local pcsd
Username: user1
Password: 
localhost: Authorized

Stopping Cluster (pacemaker)... Stopping Cluster (corosync)...

[user1@rh71-node1 ~]$ pcs status nodes
Error: error running crm_mon, is pacemaker running?
[user1@rh71-node1 ~]$ pcs cluster start
Starting Cluster...

[user1@rh71-node1 ~]$ pcs status nodes
Pacemaker Nodes:
 Online: rh71-node1 rh71-node2
 Standby:
 Offline:

Before Fix:
[root@rh71-node1 ~]# rpm -q pcs
pcs-0.9.137-13.el7_1.2.x86_64
[user1@rh71-node1 ~]$ pcs cluster start
Starting Cluster...
Redirecting to /bin/systemctl start  corosync.service
Failed to issue method call: Access denied

Error: unable to start corosync



After Fix:
[root@rh71-node1:~]# rpm -q pcs
pcs-0.9.140-1.el6.x86_64
[user1@rh71-node1 ~]$ pcs cluster start
Please authenticate yourself to the local pcsd
Username: hacluster
Password: 
localhost: Authorized

Starting Cluster...

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2290.html