Amfnd is hard-coded to run as root:
"src/amf/amfnd/main.cc":
daemonize_as_user("root", argc, argv);
This needs to be removed.
This is with reference to User Query and the patch(attached) was provided by Praveen:
On 13-Apr-17 7:27 PM, Carroll, James R wrote:
Hi,
I am using openSAF 5.0, and it appears that some of the openSAF (amfnd) daemons are hard-coded to run as root.
Is there any way to disable this feature, so that I do not have to run the daemon as root?I see the following note in the README documentation:
Only two processes are running as root, amfnd and smfnd. Reason is
that amfnd need todo that for backwards compatible reasons and the programs it starts might be designed to require root access.We are trying to run all of our programs as non-root. Regarding the documentation noted above, if we can start all our programs as non-root, then we would not need to run the opensaf as root.
As of now, it is hard-coded in amfnd to run as root.
Attached are patches on default and 5.0 branch to enable amfnd to start as non-root.
After installation of OpenSAF, uncomment "#AMFND_NON_ROOT=1" line in amfnd.conf to enable amfnd to run as a user as mentioned in amfnd.conf.
By default it will run as root.
Thanks
Praveen
Hi,
I assume it is invalid ticket. As in README smfnd and amfnd were designed to run as root and amfnd run as root to backward compatible.
B.R
Hi Thang,
1. This is the option/flexibility being provided, not breaking anything. It is by default off.
2. As you can see in the tickt description, the requirement was reported in the user's list, so it looks real use case. This helps in increasing OpenSAF' adaptation across the globe.
3. Many users doesn't use Smf and they start from 5.20.05 onwards, needn't worry about a release 4.2, which was released 6 or 7 years back. So, no backward compatibility issue, agree ??
Please suggest.
Thanks
-Nagendra
Hi Nagu,
OK.
So this configuration will be handled by user if he/she wants to enable it.
B.R/Thang
That's right, Thang.
Thanks
-Nagu
https://sourceforge.net/p/opensaf/mailman/opensaf-devel/thread/CANk6odEEbLnJ0A17z%3DRvgO9RyO%2BLV4sj5Tp-T5Q0mrro8spV-w%40mail.gmail.com/#msg37071400
commit bfe4731f227413af8fd6f0fd25de9d9c0ebea584
Author: Anand Sundararaj s.anand@gethighavailability.com
Date: Sun Aug 9 11:50:44 2020 +1000