diff options
| author | Amitay Isaacs <amitay@gmail.com> | 2013-04-03 14:44:08 +1100 |
|---|---|---|
| committer | Amitay Isaacs <amitay@gmail.com> | 2013-04-08 11:14:28 +1000 |
| commit | d931e73fb83fe1ced9c41b06c15060fd18aff3d7 (patch) | |
| tree | d4223a6b1ebfacdcc7cf420ce4711b695b1b6d19 /ctdb | |
| parent | 41f0252da22b97667ecdbc2235930d3b2523aa4d (diff) | |
| download | samba-d931e73fb83fe1ced9c41b06c15060fd18aff3d7.tar.gz samba-d931e73fb83fe1ced9c41b06c15060fd18aff3d7.tar.xz samba-d931e73fb83fe1ced9c41b06c15060fd18aff3d7.zip | |
statd-callout: Make sure statd callout script always runs as root
In RHEL 6+, rpc.statd runs as "rpcuser" instead of root as on RHEL 5. This
prevents CTDB tool commands talking to daemon since "rpcuser" cannot access
CTDB socket.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit fe8c4880b371492a38554868d4ca10918c54e412)
Diffstat (limited to 'ctdb')
| -rwxr-xr-x | ctdb/Makefile.in | 1 | ||||
| -rw-r--r-- | ctdb/config/ctdb.sudoers | 3 | ||||
| -rwxr-xr-x | ctdb/config/statd-callout | 3 | ||||
| -rw-r--r-- | ctdb/packaging/RPM/ctdb.spec.in | 4 |
4 files changed, 10 insertions, 1 deletions
diff --git a/ctdb/Makefile.in b/ctdb/Makefile.in index 762f788515c..9511e906de6 100755 --- a/ctdb/Makefile.in +++ b/ctdb/Makefile.in @@ -330,6 +330,7 @@ install: all manpages $(PMDA_INSTALL) ${INSTALLCMD} -m 644 include/ctdb_protocol.h $(DESTDIR)$(includedir) ${INSTALLCMD} -m 644 include/ctdb_private.h $(DESTDIR)$(includedir) # for samba3 ${INSTALLCMD} -m 644 include/ctdb_typesafe_cb.h $(DESTDIR)$(includedir) + ${INSTALLCMD} -m 440 config/ctdb.sudoers $(DESTDIR)$(etcdir)/sudoers.d/ctdb ${INSTALLCMD} -m 644 config/functions $(DESTDIR)$(etcdir)/ctdb ${INSTALLCMD} -m 755 config/statd-callout $(DESTDIR)$(etcdir)/ctdb ${INSTALLCMD} -m 644 README $(DESTDIR)$(docdir)/ctdb/README diff --git a/ctdb/config/ctdb.sudoers b/ctdb/config/ctdb.sudoers new file mode 100644 index 00000000000..1c6619b654b --- /dev/null +++ b/ctdb/config/ctdb.sudoers @@ -0,0 +1,3 @@ +Defaults!/etc/ctdb/statd-callout !requiretty + +rpcuser ALL=(ALL) NOPASSWD: /etc/ctdb/statd-callout diff --git a/ctdb/config/statd-callout b/ctdb/config/statd-callout index a9c2e3dfba5..94bd2dd7fbd 100755 --- a/ctdb/config/statd-callout +++ b/ctdb/config/statd-callout @@ -1,5 +1,8 @@ #!/bin/sh +# This must run as root as CTDB tool commands need to access CTDB socket +[ $(id -u) -eq 0 ] || exec sudo "$0" "$@" + # this script needs to be installed so that statd points to it with the -H # command line argument. The easiest way to do that is to put something like this in # /etc/sysconfig/nfs: diff --git a/ctdb/packaging/RPM/ctdb.spec.in b/ctdb/packaging/RPM/ctdb.spec.in index 50287ab0912..cb860443e53 100644 --- a/ctdb/packaging/RPM/ctdb.spec.in +++ b/ctdb/packaging/RPM/ctdb.spec.in @@ -13,7 +13,7 @@ URL: http://ctdb.samba.org/ Source: ctdb-%{version}.tar.gz # Packages -Requires: coreutils, sed, gawk, iptables, iproute, procps, ethtool +Requires: coreutils, sed, gawk, iptables, iproute, procps, ethtool, sudo # Commands - package name might vary Requires: /usr/bin/killall, /bin/kill, /bin/netstat # Directories @@ -96,6 +96,7 @@ rm -rf $RPM_BUILD_ROOT # Create the target build directory hierarchy mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/init.d +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.d make DESTDIR=$RPM_BUILD_ROOT docdir=%{_docdir} install install_tests @@ -136,6 +137,7 @@ rm -rf $RPM_BUILD_ROOT %{_docdir}/ctdb/onnode.1.html %{_docdir}/ctdb/ltdbtool.1.html %{_docdir}/ctdb/ping_pong.1.html +%{_sysconfdir}/sudoers.d/ctdb %{_sysconfdir}/ctdb/events.d/00.ctdb %{_sysconfdir}/ctdb/events.d/01.reclock %{_sysconfdir}/ctdb/events.d/10.interface |