[ClusterLabs] permissions under /etc/corosync/qnetd

Jan Friesse jfriesse at redhat.com
Tue Nov 8 10:15:59 UTC 2016


Ferenc Wágner napsal(a):
> Jan Friesse <jfriesse at redhat.com> writes:
>
>> Ferenc Wágner napsal(a):
>>
>>> Have you got any plans/timeline for 2.4.2 yet?
>>
>> Yep, I'm going to release it in few minutes/hours.
>
> Man, that was quick.  I've got a bunch of typo fixes queued..:) Please
> consider announcing upcoming releases a couple of days in advance; as a
> packager, I'd much appreciate it.  Maybe even tag release candidates...

We are tagging RC of big releases. This release was super small (eventho 
breaking compatibility). And actually, it's better to be released rather 
sooner than later. I will definitively think about RC of smaller 
releases (2.3.x -> 2.4.x).

>
> Anyway, I've got a question concerning corosync-qnetd.  I run it as
> user and group coroqnetd.  Is granting it read access to cert8.db and
> key3.db enough for proper operation?  corosync-qnetd-certutil gives

Should be, but it's not tested.

> write access to group coroqnetd to everything, which seems unintuitive

Yep. Idea is to allow scenario of qnetd administrator role. So basically 
regular (non-root) user within coroqnetd group without root passwd 
knowledge/sudo administering qnetd.


> to me.  Please note that I've got zero experience with NSS.  But I don't
> expect the daemon to change the certificate database.  Should I?

Nope it shouldn't.

Regards,
   Honza

>





More information about the Users mailing list