Bug 485462 - Normal users cannot run CPG clients if corosync is started by cman.
Normal users cannot run CPG clients if corosync is started by cman.
Product: Fedora
Classification: Fedora
Component: openais (Show other bugs)
All Linux
high Severity high
: ---
: ---
Assigned To: Steven Dake
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-02-13 12:16 EST by Alan Conway
Modified: 2016-04-26 19:49 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-02-19 05:27:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Alan Conway 2009-02-13 12:16:50 EST
Description of problem:

Run cman, run a CPG client as a non-root user with gid=ais: cpg_init
returns error 11 - access denied. Running the CPG client as root works. 

If corosync is started without cman, then running CPG client as non-root user with gid=ais works correctly.

(11:50:11 AM) sdake: if root is uid gid is not checked
(11:51:33 AM) sdake: my guess is the config loader is setting the uid or gid fields in the config file
(11:51:38 AM) sdake: mainconfig.c should do this automatically
(11:51:50 AM) sdake: by config loader, i mean the cman config loader
(11:51:57 AM) sdake: you can put that in the bz aswell
Comment 1 Christine Caulfield 2009-02-16 09:09:10 EST
cman sets uid/gid to root. This was mainly to avoid configuration troubles as we otherwise would have had to add users & groups in the packaging for "ais".

If we can add these entries then I'll change cman's config loader.
Comment 2 Christine Caulfield 2009-02-18 06:18:43 EST
I've committed fix for this to git. It should turn up in the next Fedora package.

commit 4ee81b60d86a4147b35cf71c41bfe24a2a8632cb
Author: Christine Caulfield <ccaulfie@redhat.com>
Date:   Wed Feb 18 11:11:56 2009 +0000

    cman: Allow connections from unprivileged user/group "ais"

Comment 3 Christine Caulfield 2009-02-19 05:27:42 EST

Note You need to log in before you can comment on or make changes to this bug.