[Pacemaker] failed actions: insufficient privileges
Alfredo Parisi
alfredo.parisi at gmail.com
Sat Jun 11 13:13:17 EDT 2011
Thanks again for the response.
Actually these are my permissions on /var/run/mysqld
root at server1:/var/run# ls -l | grep mysql
drwxr-xr-x 2 mysql root 40 2011-06-11 19:06
they are correct for mysql on pacemaker?thanks
2011/6/11 Vladislav Bogdanov <bubble at hoster-ok.com>
> 11.06.2011 19:01, Alfredo Parisi wrote:
> > Hi and thanks for the reply.
> > I've found the problem, pacemaker haven't the privileges for create the
> > file mysqld.sock, infact if I stop one server and create mysqld.sock
> > with 777 and own mysql:mysql, after restart corosync, it works...
> > but this is only a temporary solution because when corosync is stopped
> > on that machine, it delete the file socks and I have again the error.
> > Someone can help me for resolve this problem with the privileges.
>
> Resources are run by lrmd under root permissions, so mysqld is started
> by root. It then switches to mysql user and then creates that unix
> socket. Please verify that directory it use for socket is writable by
> mysql user. F.e. not /var/run which is only root-writable, but
> /var/run/mysql which has correct ownership and permissions. Then mysqld
> has enough power to create any file there if only DAC security model is
> in use.
>
> This is not necessary true for other security models like selinux,
> grsecurity or RBAC. They require additional settings to be done. Most
> common one is selinux, it is enabled by default on at least Fedora and
> RHEL setups. Unfortunately there is no selinux policy module for
> pacemaker yet, so selinux should be disabled for it to run.
>
> Don't you have it enabled BTW?
>
> If yes, then try to disable it (permanently).
>
>
> Best,
> Vladislav
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs:
> http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20110611/e1937d2b/attachment-0003.html>
More information about the Pacemaker
mailing list