Bug 504531 - Normal users cannot run CPG clients if openais is started by cman.
Normal users cannot run CPG clients if openais is started by cman.
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cman (Show other bugs)
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Chris Feist
Cluster QE
: ZStream
Depends On: 485469
  Show dependency treegraph
Reported: 2009-06-07 21:17 EDT by Benjamin Kahn
Modified: 2016-04-26 10:18 EDT (History)
7 users (show)

See Also:
Fixed In Version: cman-2.0.98-1.el5_3.4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-06-16 03:33:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Benjamin Kahn 2009-06-07 21:17:04 EDT
This bug has been copied from bug #485469 and has been proposed
to be backported to 5.3 z-stream (EUS).
Comment 4 Steven Dake 2009-06-11 17:06:02 EDT
This bugzilla is really two things - an RFE, which are not released in a z stream, and a legitimate bug fix.

The legitimate bug fix is that a user with gid of ais can't access the aisexec.  That bug is fixed.

The RFE is that a user with a secondary gid of AIS (ie editing /etc/group and adding that user to the ais group) is not resolved by this bugzilla.

We do not address RFEs in z stream releases.  I believe the RFE feature you want is addressed in 5.4 via the uidgid.d overlay directory feature which was added.

If you would also like gids in /etc/group file to be processed, you can open an RFE, but likely it wont be addressed until 5.5.
Comment 5 Steven Dake 2009-06-11 17:07:10 EDT
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 id
      uid=500(testmonkey) gid=500(testmonkeys) groups=39(ais),500(testmonkeys)
      [nstraz@try sts-root]$ qarsh -l root  z2 usermod -g ais testmonkey
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 id
      uid=500(testmonkey) gid=39(ais) groups=39(ais)
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 /usr/bin/cpgx -i 5
      1244754000 D: do join our_nodeid 2
      1244754000 H: 00000000 conf 1 1 0 memb 2 join 2 left
      1244754000 H: 00000001 time 2 tv 1244754000.171467 config 0
      [nstraz@try sts-root]$ qarsh -l root  z2 usermod -g 500 testmonkey
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 id
      uid=500(testmonkey) gid=500(testmonkeys) groups=39(ais),500(testmonkeys)
      [nstraz@try sts-root]$ qarsh -l testmonkey z2 /usr/bin/cpgx -i 5
      1244754053 ERROR: cpg_initialize error 29
      1244754053 ERROR: is corosync running?
Comment 6 Nate Straz 2009-06-11 17:21:27 EDT
Verified fixed with the above caveat, ais must be the user's initial login group, not a supplemental group.
Comment 8 errata-xmlrpc 2009-06-16 03:33:14 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.