Bug 484047 - RFE: Provide configurable uid based aisexec access
RFE: Provide configurable uid based aisexec access
Product: Fedora
Classification: Fedora
Component: corosync (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jan Friesse
Fedora Extras Quality Assurance
Depends On:
Blocks: 501337
  Show dependency treegraph
Reported: 2009-02-04 09:29 EST by Justin Ross
Modified: 2009-05-20 09:31 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 501337 (view as bug list)
Last Closed: 2009-05-20 09:31:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch fixing this problem (7.30 KB, patch)
2009-05-18 09:52 EDT, Jan Friesse
no flags Details | Diff

  None (edit)
Description Justin Ross 2009-02-04 09:29:53 EST
At present, the qpid project sets the primary group of the qpidd daemon to openais in order to enable communication with aisexec.

We'd prefer to have some other means of doing this, because changing the group has implications for any system admin based on groups.

An alternative, where specific uids are granted access, was discussed in irc:

<sdake_> jross can i aks some questions about your requirements
<jross> sdake_, certainly
<sdake_> would putting a uid name in /etc/openais.conf be a suitable solution for you?
<jross> sdake_, yes, but it would be a little suboptimal from a packaging standpoint.  we'd prefer a way to dump some openais conf in something like /etc/openais.d/
<sdake_> so /etc/openais/security
<sdake_> and in that dir would contain a file qpid-uid
<jross> that would be great
<sdake_> and in qpid-uid would contain a uid for qpid?
<jross> yeah
<sdake_> ok
Comment 4 Steven Dake 2009-05-12 04:26:32 EDT
Honzaf is going to work on this feature for corosync trunk.  Need by May 15-20th.
Comment 6 Jan Friesse 2009-05-18 09:52:34 EDT
Created attachment 344438 [details]
Patch fixing this problem

Section is named uidgid and can contains only uid and gid keys. Files should be placed in /etc/ais/uidgid.d/ (separate patch solves this, so every configuration is in /etc/corosync/uidgid.d)
Comment 8 Jan Friesse 2009-05-20 09:31:16 EDT
Code (with change to /etc/corosync) pushed to upstream, so I'm closing bug.

Note You need to log in before you can comment on or make changes to this bug.