mkruer
Level 4
12 years ago

Running HA as nobody:nobody

I am running 5.1 HA on a RHEL setup. Right now I have a working cluster with application failover. All our applications are set to be run as the nobody:nobody account on the system. As part of the HA integration a requirement came up that we need to be able to start and stop services and run commands with the nobody:nobody account. Because VCS is all set up to run as root, what is the best way to accomplish this?

  • You need to use the following:

    root # hauser -add nobody -priv Administrator

    (Provide the password here)

    Now enter into nobody's account:


    root # su - nobody

    Execute the following so that ha commands will not require a password for this user shell.
    nobody $ halogin nobody <password>

    nobody $ hares -state

    Now all "ha" commands should work fine through "nobody" account without requiring password.

    Hope that helps.

6 Replies

  • Changing ownership of the file /etc/sysconfig/vcs to nobody fixes the one outstanding permission issue.

  • That helps a lot. I think I am 90% there. I just have one more question. I have a script that collects the information. Right now I am using a simple "/etc/init.d/vcs status | grep running..." to get the status of vcs. Is there a better way to get this even if vcs is not running?
  • Would this work for what I am trying to accomplish? If so, how do I resolve the issue?

    # hauser -addpriv nobody AdministratorGroup
    VCS WARNING V-16-1-10049 This operation is not permitted as the cluster is not running in secure mode

  • All the applications are using the correct permissions internally. However, I need to be able to run hares, hagrp, vcs, hastatus, haconfig and gabconfig from the nobody account without it having to log in or su to root and without HA asking me for a username/password to log in to access the HA information. Perhaps a better way to phrase the issue is: I need to either run HA with a different account or give nobody access to run HA commands. How would I make the nobody account an admin of HA?
  • In case you have configured your applications using the "Application" agent in VCS, you can set the "User" attribute for that particular resource to "nobody". All the StartProgram, StopProgram and CleanProgram executables will be run in that user's context on the system. What other agents have you used to cluster your applications for failover? Most of the agents supported do have an attribute such as "User".