On 11/06/12 13:59 +0800, Gao,Yan wrote:
Hi, I'm still looking at how to fix the ACLs support of pacemaker.
AFAICS, if a server is run by root, when a client connects to it, the "/dev/shm/qb-*" file will be chowned to the client's uid/gid. While if a server is run by an ordinary user and is connected to by another ordinary user, since the server doesn't have the permission to chown the file to another user, and the file mode is 0600, the client will get "permission denied".
Cib daemon runs as "uid: hacluster, gid: root", and we want all the users in the "haclient" group to have access to CIB. Is there any way for cib daemon to know the file path or the fd for a request, so that it can change the mode/group of the file? Or are there any other solutions for this?
One option is to change qb_rb_chown() to do the following:

    if (myuid == owner) {
        // no need to change anything
        return 0;
    }
    if (myuid == 0) {
        // normal chown (as it does now)
    } else if (mygid == 0 || mygid == group) {
        // chgrp && chmod 0660
    }

Do you think this will solve your problem?
-Angus
Thanks,
Gao,Yan
--
Gao,Yan ygao@suse.com
Software Engineer
China Server Team, SUSE.
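
The branch order proposed in the reply above, written out as an added example; it is not part of the original thread and is not libqb's code. The names shm_pick_action and shm_grant_access are hypothetical, and the example assumes the server still holds an open descriptor for the file it created.

```c
#include <errno.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names; this is not libqb's qb_rb_chown(). */
enum shm_action { SHM_KEEP, SHM_CHOWN, SHM_CHGRP_0660, SHM_DENY };

/* Decide what to do, following the branch order proposed in the thread. */
enum shm_action shm_pick_action(uid_t myuid, gid_t mygid,
                                uid_t owner, gid_t group)
{
    if (myuid == owner)
        return SHM_KEEP;            /* client is the server's own uid */
    if (myuid == 0)
        return SHM_CHOWN;           /* root can hand the file over */
    if (mygid == 0 || mygid == group)
        return SHM_CHGRP_0660;      /* share through the group instead */
    return SHM_DENY;                /* no permitted change: stay 0600 */
}

/* Apply the decision to an already-open descriptor, so the change lands on
 * the file the server created rather than on whatever a path resolves to. */
int shm_grant_access(int fd, uid_t owner, gid_t group)
{
    switch (shm_pick_action(geteuid(), getegid(), owner, group)) {
    case SHM_KEEP:
        return 0;
    case SHM_CHOWN:
        return fchown(fd, owner, group);
    case SHM_CHGRP_0660:
        /* (uid_t)-1 leaves the owner alone. An unprivileged caller must
         * itself be a member of `group`, or the kernel returns EPERM. */
        if (fchown(fd, (uid_t)-1, group) != 0)
            return -1;
        /* Owner and group read/write only; "other" gains nothing. */
        return fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
    default:
        errno = EPERM;
        return -1;
    }
}
```

For the cib case described in the question (uid hacluster, gid root), the third branch applies, and the chgrp only succeeds if hacluster is also a member of the target group.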