Mailing List Archive

> On 24 Feb 2015, at 10:36 pm, N, Ravikiran <ravikiran.n@hp.com> wrote:
>
> Hi all,
>
> I was trying to find out whether it is possible to START/STOP pacemaker, and also run PCS commands as non-root user (in my case it is ‘admin’ user).
> I did add the user(‘admin’) to haclient group, but it is of no help. I get the following error on start :
>
> [admin@vm4 ~]$ service pacemaker start
> Only root can execute /etc/init.d/cman script
> Starting Pacemaker Cluster Manager: touch: cannot touch `/var/lock/subsys/pacemaker': Permission denied
> /etc/init.d/pacemaker: line 94: /var/run/pacemakerd.pid: Permission denied
> [ OK ]
> [admin@vm4 ~]$ id admin
> uid=500(admin) gid=500(admin) groups=500(admin),10(wheel),496(haclient)
>
> Can anybody help me here or point me to any resource to resolve this.. ?

These are OS-level security mechanisms.
Adding admin to the haclient group doesn't magically give you the ability to run commands like 'service' or modify files as root.

You tried 'pcs cluster start' too?

>
> Thanks in advance.. J
>
> Regards,
> Ravikiran N
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org


_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Hi Andrew,

Yes I tried 'pcs' commands. Even they do not work, they throw the same error.

Ravikiran

-----Original Message-----
From: Andrew Beekhof [mailto:andrew@beekhof.net]
Sent: Wednesday, February 25, 2015 1:31 AM
To: The Pacemaker cluster resource manager
Subject: Re: [Pacemaker] Running pacemaker as non-root user


> On 24 Feb 2015, at 10:36 pm, N, Ravikiran <ravikiran.n@hp.com> wrote:
>
> Hi all,
>
> I was trying to find out whether it is possible to START/STOP pacemaker, and also run PCS commands as non-root user (in my case it is ‘admin’ user).
> I did add the user(‘admin’) to haclient group, but it is of no help. I get the following error on start :
>
> [admin@vm4 ~]$ service pacemaker start Only root can execute
> /etc/init.d/cman script Starting Pacemaker Cluster Manager: touch:
> cannot touch `/var/lock/subsys/pacemaker': Permission denied
> /etc/init.d/pacemaker: line 94: /var/run/pacemakerd.pid: Permission denied
> [ OK ]
> [admin@vm4 ~]$ id admin
> uid=500(admin) gid=500(admin)
> groups=500(admin),10(wheel),496(haclient)
>
> Can anybody help me here or point me to any resource to resolve this.. ?

These are OS-level security mechanisms.
Adding admin to the haclient group doesn't magically give you the ability to run commands like 'service' or modify files as root.

You tried 'pcs cluster start' too?

>
> Thanks in advance.. J
>
> Regards,
> Ravikiran N
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org Getting started:
> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org


_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

I could resolve this by adding user 'admin' to sudoers list.. I added the user to 'wheel' user. With this I can run all commands with a sude appended..

Thanks for your help.. :)

Ravikiran

-----Original Message-----
From: N, Ravikiran
Sent: Wednesday, February 25, 2015 10:11 AM
To: The Pacemaker cluster resource manager
Subject: Re: [Pacemaker] Running pacemaker as non-root user

Hi Andrew,

Yes I tried 'pcs' commands. Even they do not work, they throw the same error.

Ravikiran

-----Original Message-----
From: Andrew Beekhof [mailto:andrew@beekhof.net]
Sent: Wednesday, February 25, 2015 1:31 AM
To: The Pacemaker cluster resource manager
Subject: Re: [Pacemaker] Running pacemaker as non-root user


> On 24 Feb 2015, at 10:36 pm, N, Ravikiran <ravikiran.n@hp.com> wrote:
>
> Hi all,
>
> I was trying to find out whether it is possible to START/STOP pacemaker, and also run PCS commands as non-root user (in my case it is ‘admin’ user).
> I did add the user(‘admin’) to haclient group, but it is of no help. I get the following error on start :
>
> [admin@vm4 ~]$ service pacemaker start Only root can execute
> /etc/init.d/cman script Starting Pacemaker Cluster Manager: touch:
> cannot touch `/var/lock/subsys/pacemaker': Permission denied
> /etc/init.d/pacemaker: line 94: /var/run/pacemakerd.pid: Permission denied
> [ OK ]
> [admin@vm4 ~]$ id admin
> uid=500(admin) gid=500(admin)
> groups=500(admin),10(wheel),496(haclient)
>
> Can anybody help me here or point me to any resource to resolve this.. ?

These are OS-level security mechanisms.
Adding admin to the haclient group doesn't magically give you the ability to run commands like 'service' or modify files as root.

You tried 'pcs cluster start' too?

>
> Thanks in advance.. J
>
> Regards,
> Ravikiran N
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org Getting started:
> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org


_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org