[Pacemaker] Running pacemaker as non-root user

Discussion:

N, Ravikiran

2015-02-24 11:36:16 UTC

Hi all,

I was trying to find out whether it is possible to START/STOP pacemaker, and also run PCS commands as non-root user (in my case it is 'admin' user).
I did add the user('admin') to haclient group, but it is of no help. I get the following error on start :

[***@vm4 ~]$ service pacemaker start
Only root can execute /etc/init.d/cman script
Starting Pacemaker Cluster Manager: touch: cannot touch `/var/lock/subsys/pacemaker': Permission denied
/etc/init.d/pacemaker: line 94: /var/run/pacemakerd.pid: Permission denied
[ OK ]
[***@vm4 ~]$ id admin
uid=500(admin) gid=500(admin) groups=500(admin),10(wheel),496(haclient)

Can anybody help me here or point me to any resource to resolve this.. ?

Thanks in advance.. :)

Regards,
Ravikiran N

Andrew Beekhof

2015-02-24 20:01:27 UTC

Permalink

Post by N, Ravikiran
Hi all,
I was trying to find out whether it is possible to START/STOP pacemaker, and also run PCS commands as non-root user (in my case it is ‘admin’ user).
Only root can execute /etc/init.d/cman script
Starting Pacemaker Cluster Manager: touch: cannot touch `/var/lock/subsys/pacemaker': Permission denied
/etc/init.d/pacemaker: line 94: /var/run/pacemakerd.pid: Permission denied
[ OK ]
uid=500(admin) gid=500(admin) groups=500(admin),10(wheel),496(haclient)
Can anybody help me here or point me to any resource to resolve this.. ?

These are OS-level security mechanisms.
Adding admin to the haclient group doesn't magically give you the ability to run commands like 'service' or modify files as root.

You tried 'pcs cluster start' too?

Post by N, Ravikiran
Thanks in advance.. J
Regards,
Ravikiran N
_______________________________________________
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

N, Ravikiran

2015-02-25 04:40:52 UTC

Permalink

Hi Andrew,

Yes I tried 'pcs' commands. Even they do not work, they throw the same error.

Ravikiran

-----Original Message-----
From: Andrew Beekhof [mailto:***@beekhof.net]
Sent: Wednesday, February 25, 2015 1:31 AM
To: The Pacemaker cluster resource manager
Subject: Re: [Pacemaker] Running pacemaker as non-root user

Post by N, Ravikiran
Hi all,
I was trying to find out whether it is possible to START/STOP pacemaker, and also run PCS commands as non-root user (in my case it is ‘admin’ user).
cannot touch `/var/lock/subsys/pacemaker': Permission denied
/etc/init.d/pacemaker: line 94: /var/run/pacemakerd.pid: Permission denied
[ OK ]
uid=500(admin) gid=500(admin)
groups=500(admin),10(wheel),496(haclient)
Can anybody help me here or point me to any resource to resolve this.. ?

Post by N, Ravikiran
Thanks in advance.. J
Regards,
Ravikiran N
_______________________________________________
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

N, Ravikiran

2015-02-25 06:32:37 UTC

Permalink

I could resolve this by adding user 'admin' to sudoers list.. I added the user to 'wheel' user. With this I can run all commands with a sude appended..

Thanks for your help.. :)

Ravikiran

-----Original Message-----
From: N, Ravikiran
Sent: Wednesday, February 25, 2015 10:11 AM
To: The Pacemaker cluster resource manager
Subject: Re: [Pacemaker] Running pacemaker as non-root user

Hi Andrew,

Yes I tried 'pcs' commands. Even they do not work, they throw the same error.

Ravikiran

-----Original Message-----
From: Andrew Beekhof [mailto:***@beekhof.net]
Sent: Wednesday, February 25, 2015 1:31 AM
To: The Pacemaker cluster resource manager
Subject: Re: [Pacemaker] Running pacemaker as non-root user

Post by N, Ravikiran
Thanks in advance.. J
Regards,
Ravikiran N
_______________________________________________
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

_______________________________________________
Pacemaker mailing list: ***@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Pacemaker mailing list: ***@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Pacemaker mailing list: ***@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster