
#3205 Should amfnd running as root be made configurable?

5.20.08
fixed
nobody
None
enhancement
amf
nd
minor
False
2020-08-09
2020-07-21
No

Amfnd is hard-coded to run as root:
"src/amf/amfnd/main.cc":
daemonize_as_user("root", argc, argv);
This needs to be removed.

This is with reference to User Query and the patch (attached) was provided by Praveen:

On 13-Apr-17 7:27 PM, Carroll, James R wrote:

Hi,

I am using openSAF 5.0, and it appears that some of the openSAF (amfnd) daemons are hard-coded to run as root.
Is there any way to disable this feature, so that I do not have to run the daemon as root?

I see the following note in the README documentation:
Only two processes are running as root, amfnd and smfnd. Reason is
that amfnd need to do that for backwards compatible reasons and the programs it starts might be designed to require root access.

We are trying to run all of our programs as non-root. Regarding the documentation noted above, if we can start all our programs as non-root, then we would not need to run the opensaf as root.

As of now, it is hard-coded in amfnd to run as root.
Attached are patches on default and 5.0 branch to enable amfnd to start as non-root.
After installation of OpenSAF, uncomment "#AMFND_NON_ROOT=1" line in amfnd.conf to enable amfnd to run as a user as mentioned in amfnd.conf.
By default it will run as root.

Thanks
Praveen

1 Attachments
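
A configuration check for the option described in the reply above, added here as an example; it is not part of the ticket, the attached patch, or OpenSAF. It reads an amfnd.conf-style file for an uncommented AMFND_NON_ROOT=1 and compares that with the user owning the running amfnd. The function names, the KEY=VALUE/`export` parsing and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example, not OpenSAF code. Assumption: amfnd.conf holds shell-style
# KEY=VALUE lines (optionally prefixed with "export"); the last uncommented
# assignment wins, as it would when the file is sourced.

# Print the effective AMFND_NON_ROOT value from conf file $1 (empty if unset).
amfnd_non_root_value() {
    sed -n 's/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}AMFND_NON_ROOT=\([^#[:space:]]*\).*$/\2/p' "$1" |
        tail -n 1 | tr -d "\"'"
}

# Print the mode the config requests: "non-root" only for an uncommented =1.
amfnd_configured_mode() {
    if [ "$(amfnd_non_root_value "$1")" = "1" ]; then
        echo non-root
    else
        echo root
    fi
}

# $1 = conf file, $2 = user owning the running amfnd process (the caller
# supplies it, e.g. from ps). Prints a finding; returns 1 on a mismatch.
amfnd_audit() {
    mode=$(amfnd_configured_mode "$1")
    case "$mode:$2" in
        root:root)     echo "OK: amfnd runs as root (default)" ;;
        non-root:root) echo "MISMATCH: AMFND_NON_ROOT=1 is set but amfnd runs as root"; return 1 ;;
        root:*)        echo "MISMATCH: amfnd runs as $2 but AMFND_NON_ROOT=1 is not set"; return 1 ;;
        non-root:*)    echo "OK: amfnd runs as non-root user $2" ;;
    esac
}

# Constructed sample config: the default (commented out), then enabled.
sample=$(mktemp)
printf '%s\n' '# constructed sample' '#AMFND_NON_ROOT=1' > "$sample"
amfnd_audit "$sample" root            # default install: root is expected
printf '%s\n' 'AMFND_NON_ROOT=1' >> "$sample"
amfnd_audit "$sample" root || true    # enabled, but daemon still owned by root
rm -f "$sample"
```

A mismatch after enabling the option usually means the daemon was not restarted or the edited file is not the one it reads.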

Related

Wiki: ChangeLog-5.20.08
Wiki: NEWS-5.20.08

Discussion

  • Anand Sundararaj

    • status: accepted --> review
     
  • Thang Duc Nguyen

    Hi,
    I assume it is an invalid ticket. As in the README, smfnd and amfnd were designed to run as root, and amfnd runs as root to be backward compatible.

    B.R

     
  • Nagendra Kumar

    Nagendra Kumar - 2020-07-27

    Hi Thang,
    1. This is the option/flexibility being provided, not breaking anything. It is by default off.
    2. As you can see in the ticket description, the requirement was reported in the user's list, so it looks like a real use case. This helps in increasing OpenSAF's adaptation across the globe.
    3. Many users don't use Smf and they start from 5.20.05 onwards, needn't worry about a release 4.2, which was released 6 or 7 years back. So, no backward compatibility issue, agree?
    Please suggest.
    Thanks
    -Nagendra

     
  • Thang Duc Nguyen

    Hi Nagu,

    OK.
    So this configuration will be handled by user if he/she wants to enable it.

    B.R/Thang

     
    • Nagendra Kumar

      Nagendra Kumar - 2020-07-27

      That's right, Thang.
      Thanks
      -Nagu

       
  • Mathi Naickan

    Mathi Naickan - 2020-07-28
    • summary: amf: remove hard-coding in amfnd --> Should amfnd be allowed to run as root?
     
  • Mathi Naickan

    Mathi Naickan - 2020-07-28
    • summary: Should amfnd be allowed to run as root? --> Should amfnd running as root be made configurable?
     
  • Minh Hon Chau

    Minh Hon Chau - 2020-08-09
    • status: review --> fixed
    • assigned_to: Anand Sundararaj --> nobody
     
  • Minh Hon Chau

    Minh Hon Chau - 2020-08-09

    commit bfe4731f227413af8fd6f0fd25de9d9c0ebea584
    Author: Anand Sundararaj s.anand@gethighavailability.com
    Date: Sun Aug 9 11:50:44 2020 +1000

    amf: Provide configuration option to run amfnd as non-root [#3205]
    
     
