Bug 504531 – Normal users cannot run CPG clients if openais is started by cman.

Bug 504531 - Normal users cannot run CPG clients if openais is started by cman.

Summary:	Normal users cannot run CPG clients if openais is started by cman.

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	cman (Show other bugs)
Sub Component:
Version:	5.3
Hardware:	All Linux

Priority	urgent Severity urgent
Target Milestone:	rc
Target Release:	---
Assigned To:	Chris Feist
QA Contact:	Cluster QE
Docs Contact:

URL:
Whiteboard:
Keywords:	ZStream

Depends On:	485469
Blocks:
	Show dependency tree / graph

Reported:	2009-06-07 21:17 EDT by Benjamin Kahn
Modified:	2016-04-26 10:18 EDT (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	cman-2.0.98-1.el5_3.4
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2009-06-16 03:33:14 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Benjamin Kahn 2009-06-07 21:17:04 EDT

This bug has been copied from bug #485469 and has been proposed
to be backported to 5.3 z-stream (EUS).

Comment 4 Steven Dake 2009-06-11 17:06:02 EDT

This bugzilla is really two things - an RFE, which are not released in a z stream, and a legitimate bug fix.

The legitimate bug fix is that a user with gid of ais can't access the aisexec.  That bug is fixed.

The RFE is that a user with a secondary gid of AIS (ie editing /etc/group and adding that user to the ais group) is not resolved by this bugzilla.

We do not address RFEs in z stream releases.  I believe the RFE feature you want is addressed in 5.4 via the uidgid.d overlay directory feature which was added.

If you would also like gids in /etc/group file to be processed, you can open an RFE, but likely it wont be addressed until 5.5.

Comment 5 Steven Dake 2009-06-11 17:07:10 EDT

   1.
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 id
   2.
      uid=500(testmonkey) gid=500(testmonkeys) groups=39(ais),500(testmonkeys)
   3.
      [nstraz@try sts-root]$ qarsh -l root  z2 usermod -g ais testmonkey
   4.
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 id
   5.
      uid=500(testmonkey) gid=39(ais) groups=39(ais)
   6.
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 /usr/bin/cpgx -i 5
   7.
      1244754000 D: do join our_nodeid 2
   8.
      1244754000 H: 00000000 conf 1 1 0 memb 2 join 2 left
   9.
      1244754000 H: 00000001 time 2 tv 1244754000.171467 config 0
  10.
      ...
  11.
      [nstraz@try sts-root]$ qarsh -l root  z2 usermod -g 500 testmonkey
  12.
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 id
  13.
      uid=500(testmonkey) gid=500(testmonkeys) groups=39(ais),500(testmonkeys)
  14.
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 /usr/bin/cpgx -i 5
  15.
      1244754053 ERROR: cpg_initialize error 29
  16.
      1244754053 ERROR: is corosync running?

Comment 6 Nate Straz 2009-06-11 17:21:27 EDT

Verified fixed with the above caveat, ais must be the user's initial login group, not a supplemental group.

Comment 8 errata-xmlrpc 2009-06-16 03:33:14 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1103.html

Note You need to log in before you can comment on or make changes to this bug.