07-25-2012 10:51 AM
I am running 5.1 HA on a RHEL setup. Right now I have a working cluster with application failover. All our application are set to be run as the nobody:nobody account on the system. As part of the HA integration a requirement came up to that we need to be able to start and stop services and run commands with the nobody:nobody account. Because VCS is all setup to run as root, what it is the best way to accomplish this?
Solved! Go to Solution.
07-26-2012 11:47 PM
You need to use the following:
root # hauser -add nobody -priv Administrator
(Provide the password here)
Now enter into nobody's account:
root # su - nobody
Execute the following so that ha commands will not require a password for this user shell.
nobody $ halogin nobody <password>
nobody $ hares -state
Now all "ha" commands should work fine through "nobody" account without requiring password.
Hope that helps.
07-26-2012 12:17 AM
In case you have configured your applications using the "Application" agent in VCS, you can set the "User" attribute for that particular resource to "nobody". All the StarProgram, StopProgram CleanProgram executables will be run in that user's context on the system. What other agents have you used to cluster your applications for failover? Most of the agents supported do have an attribute such as "User".
07-26-2012 10:18 AM
07-26-2012 10:42 AM
07-26-2012 11:47 PM
You need to use the following:
root # hauser -add nobody -priv Administrator
(Provide the password here)
Now enter into nobody's account:
root # su - nobody
Execute the following so that ha commands will not require a password for this user shell.
nobody $ halogin nobody <password>
nobody $ hares -state
Now all "ha" commands should work fine through "nobody" account without requiring password.
Hope that helps.
07-27-2012 11:52 AM
07-27-2012 04:42 PM
changing ownership of the file /etc/sysconfig/vcs to nobody fixes the one outstanding permission issue.