Bug 531273 - Enable clustat for non-root users
Summary: Enable clustat for non-root users
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rgmanager
Version: 12
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Lon Hohberger
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-10-27 14:36 UTC by Martin P
Modified: 2010-01-12 18:55 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-12 18:55:59 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Possible fix (6.92 KB, patch)
2009-10-28 21:05 UTC, Lon Hohberger
no flags Details | Diff

Description Martin P 2009-10-27 14:36:27 UTC
Description of problem:
Non-root users need to be able to "view" but not "administer" cluster and service status for themselves.  Can this be made configurable via a flag in cluster.conf for those who want to keep the cluster status private, i.e. for root only?

Version-Release number of selected component (if applicable):
rgmanager-2.0.46-1.el5

How reproducible:
Easy to reproduce, see below:

Steps to Reproduce:
1.  Log in as non-root user
2.  Run "/usr/sbin/clustat"
  
Actual results:
[oraadm@nodea ~]$ /usr/sbin/clustat
Could not connect to CMAN: Permission denied

Expected results:
Successful cluster status listing, including status and owner of each service.

Additional info:
This was fixed in RHCS 4, but it re-appeared again with the new RHCS 5 core.  See Bug 172178 for the RHCS 4 bugzilla entry.

(9:36:34 AM) lon: rgmanager needs to split the sockets up -
(9:36:40 AM) lon: use 1 socket for 'requests' e.g. clusvcadm
(9:36:46 AM) lon: and the other for 'status' - e.g. clustat
(9:36:48 AM) lon: right now it's 1 socket

Comment 1 Lon Hohberger 2009-10-28 21:05:03 UTC
Created attachment 366498 [details]
Possible fix

Allows users in the 'root' group access to 'clustat' information.  Since cman also has this requirement for cman_tool (nodes|status|services|etc), it's not unreasonable to mirror this.

Clusvcadm is still restricted to the root user.

Comment 2 Bug Zapper 2009-11-16 14:25:20 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 3 Lon Hohberger 2010-01-12 18:55:59 UTC
fixed in rgmanager-3.0.7


Note You need to log in before you can comment on or make changes to this bug.