[pgpool-general: 1590] watchdog root requirement
kyleo at 0b10.mx
Thu Apr 11 05:55:30 JST 2013
I am trying to avoid running pgpool as root but it seems it expects you to use a setuid root executable (which I'm not comfortable with). I've come up with a solution which I think should be acceptable but does not currently work because the code will exit based on what it thinks is required.
I feel like this should be decided by the administrator via either compile time option and/or command line argument and or configuration param.
Here's what I've done:
ifconfig_path = '/var/lib/postgresql/bin'
if_up_cmd = 'pg_ifconfig eth0:2 $_IP_$ 255.255.255.0 up'
if_down_cmd = 'pg_ifconfig eth0:2 $_IP_$ 255.255.255.0 down'
arping_path = '/var/lib/postgresql/bin' # arping command path
arping_cmd = 'pg_arping $_IP_$ 1'
created 2 scripts (pg_arping/pg_ifconfig) which execute the commands required via sudo:
$ cat pg_arping
[ $# -ne 2 ] && echo "$0 ip.add.re.ss timeout" && exit 3
/usr/bin/sudo /usr/sbin/arping -U $ip -w $timeout
$ cat pg_ifconfig
[ $# -ne 4 ] && echo "$0 interface ip.add.re.ss netmask [up|down]" && exit 3
/usr/bin/sudo /sbin/ifconfig $iface inet $ip netmask $netmask $action
FYI to get this working I simply removed the code I didn't like, but I'm not a huge fan of this either:
/* check root
if (geteuid() != 0)
pool_error("watchdog must be started under the privileged user ID to up/down virtual network interface.");
More information about the pgpool-general