Red Hat Bugzilla – Bug 484047
RFE: Provide configurable uid based aisexec access
Last modified: 2009-05-20 09:31:16 EDT
At present, the qpid project sets the primary group of the qpidd daemon to openais in order to enable communication with aisexec.
We'd prefer to have some other means of doing this, because changing the group has implications for any system admin based on groups.
An alternative, where specific uids are granted access, was discussed in irc:
<sdake_> jross can i aks some questions about your requirements
<jross> sdake_, certainly
<sdake_> would putting a uid name in /etc/openais.conf be a suitable solution for you?
<jross> sdake_, yes, but it would be a little suboptimal from a packaging standpoint. we'd prefer a way to dump some openais conf in something like /etc/openais.d/
<sdake_> so /etc/openais/security
<sdake_> and in that dir would contain a file qpid-uid
<jross> that would be great
<sdake_> and in qpid-uid would contain a uid for qpid?
Honzaf is going to work on this feature for corosync trunk. Need by May 15-20th.
Created attachment 344438 [details]
Patch fixing this problem
Section is named uidgid and can contains only uid and gid keys. Files should be placed in /etc/ais/uidgid.d/ (separate patch solves this, so every configuration is in /etc/corosync/uidgid.d)
Code (with change to /etc/corosync) pushed to upstream, so I'm closing bug.