From d931e73fb83fe1ced9c41b06c15060fd18aff3d7 Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Wed, 3 Apr 2013 14:44:08 +1100 Subject: statd-callout: Make sure statd callout script always runs as root In RHEL 6+, rpc.statd runs as "rpcuser" instead of root as on RHEL 5. This prevents CTDB tool commands talking to daemon since "rpcuser" cannot access CTDB socket. Signed-off-by: Amitay Isaacs Pair-Programmed-With: Martin Schwenke (This used to be ctdb commit fe8c4880b371492a38554868d4ca10918c54e412) --- ctdb/Makefile.in | 1 + ctdb/config/ctdb.sudoers | 3 +++ ctdb/config/statd-callout | 3 +++ ctdb/packaging/RPM/ctdb.spec.in | 4 +++- 4 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 ctdb/config/ctdb.sudoers (limited to 'ctdb') diff --git a/ctdb/Makefile.in b/ctdb/Makefile.in index 762f788515c..9511e906de6 100755 --- a/ctdb/Makefile.in +++ b/ctdb/Makefile.in @@ -330,6 +330,7 @@ install: all manpages $(PMDA_INSTALL) ${INSTALLCMD} -m 644 include/ctdb_protocol.h $(DESTDIR)$(includedir) ${INSTALLCMD} -m 644 include/ctdb_private.h $(DESTDIR)$(includedir) # for samba3 ${INSTALLCMD} -m 644 include/ctdb_typesafe_cb.h $(DESTDIR)$(includedir) + ${INSTALLCMD} -m 440 config/ctdb.sudoers $(DESTDIR)$(etcdir)/sudoers.d/ctdb ${INSTALLCMD} -m 644 config/functions $(DESTDIR)$(etcdir)/ctdb ${INSTALLCMD} -m 755 config/statd-callout $(DESTDIR)$(etcdir)/ctdb ${INSTALLCMD} -m 644 README $(DESTDIR)$(docdir)/ctdb/README diff --git a/ctdb/config/ctdb.sudoers b/ctdb/config/ctdb.sudoers new file mode 100644 index 00000000000..1c6619b654b --- /dev/null +++ b/ctdb/config/ctdb.sudoers @@ -0,0 +1,3 @@ +Defaults!/etc/ctdb/statd-callout !requiretty + +rpcuser ALL=(ALL) NOPASSWD: /etc/ctdb/statd-callout diff --git a/ctdb/config/statd-callout b/ctdb/config/statd-callout index a9c2e3dfba5..94bd2dd7fbd 100755 --- a/ctdb/config/statd-callout +++ b/ctdb/config/statd-callout 
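Review bot: The added line installs into `$(DESTDIR)$(etcdir)/sudoers.d/`, but nothing visible in this hunk creates that directory. The spec file in the same commit adds its own `mkdir -p` for the RPM build root, which suggests a plain `make install` into a fresh DESTDIR depends on the directory already existing. Consider adding `mkdir -p $(DESTDIR)$(etcdir)/sudoers.d` ahead of the new line, with a short comment such as `# sudo expects sudoers.d fragments to be root-owned and not writable by others, hence -m 440`. The install recipe starts and ends outside the hunk, so an existing directory-creation step further up may already cover this.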
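Review bot: The grant `rpcuser ALL=(ALL) NOPASSWD: /etc/ctdb/statd-callout` is wider than the commit message requires, because it lets rpcuser run the script as any user when only root is needed; `rpcuser ALL=(root) NOPASSWD: /etc/ctdb/statd-callout` states the actual intent. The rule also lists no arguments, so sudo accepts any argument list. The script's own argument handling (outside this diff) therefore becomes the privilege boundary between rpcuser and root, and is worth a comment in this file. The path is hard-coded to `/etc/ctdb`, while the Makefile installs the script under `$(etcdir)/ctdb`, so the rule will not match if etcdir is configured to another prefix.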
@@ -1,5 +1,8 @@ #!/bin/sh +# This must run as root as CTDB tool commands need to access CTDB socket +[ $(id -u) -eq 0 ] || exec sudo "$0" "$@" + # this script needs to be installed so that statd points to it with the -H # command line argument. The easiest way to do that is to put something like this in # /etc/sysconfig/nfs: diff --git a/ctdb/packaging/RPM/ctdb.spec.in b/ctdb/packaging/RPM/ctdb.spec.in index 50287ab0912..cb860443e53 100644 --- a/ctdb/packaging/RPM/ctdb.spec.in +++ b/ctdb/packaging/RPM/ctdb.spec.in @@ -13,7 +13,7 @@ URL: http://ctdb.samba.org/ Source: ctdb-%{version}.tar.gz # Packages -Requires: coreutils, sed, gawk, iptables, iproute, procps, ethtool +Requires: coreutils, sed, gawk, iptables, iproute, procps, ethtool, sudo # Commands - package name might vary Requires: /usr/bin/killall, /bin/kill, /bin/netstat # Directories @@ -96,6 +96,7 @@ rm -rf $RPM_BUILD_ROOT # Create the target build directory hierarchy mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/init.d +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.d make DESTDIR=$RPM_BUILD_ROOT docdir=%{_docdir} install install_tests @@ -136,6 +137,7 @@ rm -rf $RPM_BUILD_ROOT %{_docdir}/ctdb/onnode.1.html %{_docdir}/ctdb/ltdbtool.1.html %{_docdir}/ctdb/ping_pong.1.html +%{_sysconfdir}/sudoers.d/ctdb %{_sysconfdir}/ctdb/events.d/00.ctdb %{_sysconfdir}/ctdb/events.d/01.reclock %{_sysconfdir}/ctdb/events.d/10.interface -- cgit
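Review bot: The re-exec line calls `sudo` without `-n`, so if the sudoers fragment is missing or does not match, sudo may try to prompt for a password rather than fail straight away. rpc.statd runs this callout non-interactively, so a non-interactive failure is the safer behaviour. The command substitution is also unquoted, so if `id` prints nothing the test becomes a malformed `[ -eq 0 ]`. I would write the line as `[ "$(id -u)" -eq 0 ] || exec sudo -n "$0" "$@"`. The rest of the script is outside the hunk; since `"$@"` is forwarded unchanged into a root context, its argument parsing should be checked with that in mind.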
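Review bot: In the last hunk, `%{_sysconfdir}/sudoers.d/ctdb` is added to the file list with no explicit attributes and no `%config` marking. sudo checks the ownership and permissions of fragments under sudoers.d, so the packaged mode should not depend on whatever `%defattr` is in effect (it is outside the hunk). As a file under /etc, it will also have local edits overwritten on upgrade unless it is marked as configuration. I would write the entry as `%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers.d/ctdb`.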