Bug #5172
closed
ncf-api does not run as root and cannot use command to read/write promises
Added by Vincent MEMBRÉ over 10 years ago.
Updated over 10 years ago.
Category:
System integration
Description
ncf-api cannot write or read completetly data from techniques:
Since it's run as apache user you can't run cf-promises from /var/rudder/cfengine-community/bin, not run as root hooks from ncf-hooks.d
Several ways:
- run the app as root
- add commands in path and use sudo, modify sudoer so that user apache can use it
- Description updated (diff)
We can't run a wsgi application as root.
We need to find a way to run cf-promises as apache without being root
Is it possible to force running a program as root ?
About ncf hooks, We could set a group rudder on /var/rudder/configuration-repository, and add apache user in rudder group
- Project changed from 41 to 34
- Status changed from New to In progress
- Assignee changed from Vincent MEMBRÉ to Matthieu CERDA
- Target version set to 2.11.0~beta2
We are going to make the api wsgi run as user ncf, to eventually add it to a rudder group, having the access rights to the necessary directories :)
- Status changed from In progress to Pending technical review
- Assignee changed from Matthieu CERDA to Jonathan CLARKE
- % Done changed from 0 to 100
- Pull Request set to https://github.com/Normation/rudder-packages/pull/422
- Target version changed from 2.11.0~beta2 to 2.11.0~rc1
- Status changed from Pending technical review to Pending release
Applied in changeset commit:a6e277e97ff1889fc0dfbe92a08f9358e5f2a991.
Applied in changeset commit:8964eb01b1f032ba924d090535c2af3ec6e8b149.
- Project changed from 34 to Rudder
- Category set to System integration
- Status changed from Pending release to Released
Also available in: Atom
PDF
Updated by 
Updated by Matthieu CERDA 
Updated by Jonathan CLARKE