[Pacemaker] /.crm_help_index file (in system root aka /)

Dejan Muhamedagic dejanmm at fastmail.fm
Thu Jul 15 12:27:29 UTC 2010


Hi,

On Wed, Jul 14, 2010 at 04:16:24PM +0200, Raoul Bhatia [IPAX] wrote:
> On 07/13/2010 09:47 PM, Maros Timko wrote:
> > The python crm scripts use os.getenv("HOME") to decide where to look
> > for or store the history file. Some of the environments (cronjob or
> > sudo) do have HOME set to "/".
> > Try to prepend crm call with:
> > export HOME=/root
> 
> ok, i think i found the reason:
> 
> we're monitoring our servers using the nagios nrpe server.
> 
> nagios-nrpe-server.preinst on debian lenny adds the nagios user via:
> > adduser --system --group --no-create-home --home /var/log/nagios --quiet nagios
> 
> but this directory does not exist:
> 
> > # ls -ald /var/log/nagios
> > ls: cannot access /var/log/nagios: No such file or directory
> > # su - nagios
> > No directory, logging in with HOME=/
> 
> we then use "sudo crm ..." to monitor the cluster and its node, so
> crm will re-build the index in $HOME which is /
> 
> changing nagios' homedir or creating /var/log/nagios fixes this issue.
> .crm_help_index is then created inside this user's $HOME.
> 
> thanks for your advice and the valuable input.
> 
> would it be reasonable to use /tmp or /var/tmp in case that $HOME
> resolves to / or in case that $HOME isn't writable by this user?

Writing to files in /tmp with easily predictable names is a security
hole.

> (or not create the .crm_help_index at all)

Yes. That should be easy, but needs some testing.

Thanks,

Dejan

> cheers,
> raoul
> -- 
> ____________________________________________________________________
> DI (FH) Raoul Bhatia M.Sc.          email.          r.bhatia at ipax.at
> Technischer Leiter
> 
> IPAX - Aloy Bhatia Hava OG          web.          http://www.ipax.at
> Barawitzkagasse 10/2/2/11           email.            office at ipax.at
> 1190 Wien                           tel.               +43 1 3670030
> FN 277995t HG Wien                  fax.            +43 1 3670030 15
> ____________________________________________________________________
> 
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
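
The two options discussed in this thread (skip the index when $HOME is unusable, and avoid predictable file names in shared directories) can be combined as in the following added example, which is not code from crm or from anyone in the thread. The function names `index_dir` and `save_index` and the ownership and permission checks are assumptions made for illustration; only the file name `.crm_help_index` comes from the thread.

```python
import os
import tempfile

INDEX_NAME = ".crm_help_index"  # file name taken from the thread


def index_dir(env=None):
    """Return a directory safe for the per-user index, or None to skip caching."""
    env = os.environ if env is None else env
    home = env.get("HOME", "")
    if not home or not os.path.isabs(home):
        return None
    home = os.path.realpath(home)
    if home == "/":                  # the "No directory, HOME=/" case above
        return None
    try:
        st = os.stat(home)
    except OSError:                  # e.g. a home directory that was never created
        return None
    # Assumed policy: only use a directory we own and that others cannot
    # write to, so nobody else can pre-plant a file or symlink in it.
    if not os.path.isdir(home) or st.st_uid != os.geteuid():
        return None
    if st.st_mode & 0o022:
        return None
    return home


def save_index(data, env=None):
    """Write the index atomically; return its path, or None if skipped."""
    target = index_dir(env)
    if target is None:
        return None                  # run without a cached index
    try:
        # mkstemp picks an unpredictable name and opens it with O_EXCL.
        fd, tmp = tempfile.mkstemp(prefix=INDEX_NAME + ".", dir=target)
    except OSError:                  # directory not writable after all
        return None
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        final = os.path.join(target, INDEX_NAME)
        os.replace(tmp, final)       # atomic rename within the same directory
        return final
    except BaseException:
        os.unlink(tmp)
        raise
```

Under sudo with HOME still pointing at the invoking user's directory, the ownership check makes the function skip caching instead of leaving a root-owned file there.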



