statd-callout: Make sure statd callout script always runs as root
authorAmitay Isaacs <amitay@gmail.com>
Wed, 3 Apr 2013 03:44:08 +0000 (14:44 +1100)
committerAmitay Isaacs <amitay@gmail.com>
Mon, 8 Apr 2013 01:16:51 +0000 (11:16 +1000)
In RHEL 6+, rpc.statd runs as "rpcuser" instead of root as on RHEL 5. This
prevents CTDB tool commands from talking to the daemon, since "rpcuser" cannot
access the CTDB socket.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Martin Schwenke <martin@meltin.net>
(cherry picked from commit fe8c4880b371492a38554868d4ca10918c54e412)

Conflicts:
packaging/RPM/ctdb.spec.in

Makefile.in
config/ctdb.sudoers [new file with mode: 0644]
config/statd-callout
packaging/RPM/ctdb.spec.in

index 10323491d8e173b0bfbebf57a2aa7504116d231b..127d72e40656f740ecb30350a515960e376faa37 100755 (executable)
@@ -266,6 +266,7 @@ install: all
        ${INSTALLCMD} -m 644 include/ctdb_protocol.h $(DESTDIR)$(includedir)
        ${INSTALLCMD} -m 644 include/ctdb_private.h $(DESTDIR)$(includedir) # for samba3
        ${INSTALLCMD} -m 644 include/ctdb_typesafe_cb.h $(DESTDIR)$(includedir)
+       ${INSTALLCMD} -m 440 config/ctdb.sudoers $(DESTDIR)$(etcdir)/sudoers.d/ctdb
        ${INSTALLCMD} -m 644 config/functions $(DESTDIR)$(etcdir)/ctdb
        ${INSTALLCMD} -m 755 config/statd-callout $(DESTDIR)$(etcdir)/ctdb
        ${INSTALLCMD} -m 755 config/interface_modify.sh $(DESTDIR)$(etcdir)/ctdb
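Review bot: The added install line writes the policy to `$(DESTDIR)$(etcdir)/sudoers.d/ctdb`, but the rule inside config/ctdb.sudoers hard-codes `/etc/ctdb/statd-callout`, so a build with a non-default `etcdir` installs a rule that names a path the script is not at. Either generate the sudoers file from a template with `$(etcdir)` substituted, or add a comment such as `# ctdb.sudoers assumes etcdir=/etc`. Nothing visible in this hunk creates the `sudoers.d` directory; the RPM spec does it with `mkdir -p`, so a plain `make install` may depend on the directory already existing. The install target begins and continues outside the hunk, so directory creation may happen elsewhere.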
diff --git a/config/ctdb.sudoers b/config/ctdb.sudoers
new file mode 100644 (file)
index 0000000..1c6619b
--- /dev/null
@@ -0,0 +1,3 @@
+Defaults!/etc/ctdb/statd-callout       !requiretty
+
+rpcuser                ALL=(ALL)       NOPASSWD: /etc/ctdb/statd-callout
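Review bot: The runas list `(ALL)` on the rpcuser rule is wider than the commit needs, since the script only has to become root to reach the CTDB socket; `rpcuser ALL=(root) NOPASSWD: /etc/ctdb/statd-callout` grants the same function with less surface. Because the command is listed with no argument specification, sudo accepts any arguments, so everything statd-callout does with `$1`, `$2`, … now runs as root on input the rpcuser account controls and should be treated as untrusted there. A short header comment in the file stating why rpcuser needs this rule and why `requiretty` is disabled for this one command would help whoever audits `/etc/sudoers.d` later.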
index 39be9d3d4a1f085fb37b018163b0492a5faaaa20..d20fd50d4a68562ac2db3bd6ac6b0db568046c4a 100755 (executable)
@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# This must run as root as CTDB tool commands need to access CTDB socket
+[ $(id -u) -eq 0 ] || exec sudo "$0" "$@"
+
 # this script needs to be installed so that statd points to it with the -H 
 # command line argument. The easiest way to do that is to put something like this in 
 # /etc/sysconfig/nfs:
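Review bot: The re-exec line uses an unquoted `$(id -u)` and calls sudo without `-n`, so if the sudoers rule does not match, sudo may try to prompt for a password instead of failing cleanly. A mismatch is possible because sudo compares the invoked path with `/etc/ctdb/statd-callout`, and `$0` is whatever path statd was given with `-H`. I would write it as `[ "$(id -u)" -eq 0 ] || exec sudo -n "$0" "$@"`. From this line on the script runs as root with arguments supplied by rpc.statd, so the rest of the script, which lies outside this hunk, should quote every use of them.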
index edcc4589acfdb03c117dbf05e3c0d09d4f74d39b..624feecf3d5c36a5377475200e54abdb44bb013b 100644 (file)
@@ -12,8 +12,12 @@ URL: http://ctdb.samba.org/
 
 Source: ctdb-%{version}.tar.gz
 
-Prereq: /bin/mktemp /usr/bin/killall
-Prereq: fileutils sed /etc/init.d
+# Packages
+Requires: coreutils, sed, gawk, iptables, iproute, procps, ethtool, sudo
+# Commands - package name might vary
+Requires: /usr/bin/killall, /bin/kill, /bin/netstat
+# Directories
+Requires: /etc/init.d
 
 Provides: ctdb = %{version}
 
@@ -63,6 +67,7 @@ rm -rf $RPM_BUILD_ROOT
 # Create the target build directory hierarchy
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/init.d
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.d
 
 make DESTDIR=$RPM_BUILD_ROOT docdir=%{_docdir} install
 
@@ -96,6 +101,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %{_docdir}/ctdb/README.eventscripts
 %{_docdir}/ctdb/recovery-process.txt
+%{_sysconfdir}/sudoers.d/ctdb
 %{_sysconfdir}/ctdb/events.d/00.ctdb
 %{_sysconfdir}/ctdb/events.d/01.reclock
 %{_sysconfdir}/ctdb/events.d/10.interface
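Review bot: The new `%{_sysconfdir}/sudoers.d/ctdb` entry in `%files` carries no explicit ownership, mode or config marking, and sudo ignores or rejects drop-in files that are not root-owned with restrictive permissions. Unless a `%defattr` outside this hunk already covers it, pinning it here is safer: `%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers.d/ctdb`. Marking it `%config(noreplace)` also keeps a package upgrade from silently overwriting a rule the administrator has tightened.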