Hi Sharon, That looks very interesting; "STAF local PROCESS LIST SETTINGS" on one of the systems with the problem shows "Process Auth Mode : Disabled", but STAF.cfg:
[root@acris root]# cat /usr/local/staf/bin/STAF.cfg # This file should be in /usr/local/staf/bin # # Turn on tracing of internal errors and deprecated options trace enable tracepoints "error deprecated" authenticator infauth library /usr/local/staf/lib/libinfauth.so service infares delegate hag service infauser delegate hag service infactor delegate hag # Enable TCP/IP connections interface ssl library STAFTCP option Secure=Yes option Port=6550 interface tcp library STAFTCP option Secure=No option Port=6500 # Set default local trust trust machine local://local level 3 trust machine *://hag.informatica.com level 5 # Add default service loader serviceloader library STAFDSLS # Allow running as a different user set PROCESSAUTHMODE NONE - so for some reason STAFProc doesn't read the last line. Then I noticed that the last line doesn't end with a (newline); once I add that, it works. Perhaps there is a small error in the code that reads the config file? /jan -----Original Message----- From: Sharon Lucas [mailto:luc...@us.ibm.com] Sent: Sat 28/01/2012 17:41 To: agou Cc: staf Subject: Re: [staf-users] PROCESS ... USERNAME .. doesn't always work? Hi, The STAF PROCESS service code does not do anything differently for different Linux systems. What exact versions of Linux are you seeing this issue on? What is the output from "uname --a" and "cat /etc/redhat-release" on these Linux machines? Are you sure that on these Linux machines that the PROCESS service's PROCESSAUTHMODE is set to "None" and not "Disabled"? Because if not, the command run via the PROCESS START request with the USERNAME option will not be run as the specified user and will be run as root (with no error message). Provide the output of running the following commands (substituting staf1e with the hostname/IP address of your Linux machine and substituting "test" with the username that you want to run the process as. # STAF staf1e PROCESS LIST SETTINGS Response -------- Default Stop Using Method : SigKillAll Default Console Mode : Same Default Focus : Background Process Auth Mode : Disabled Default Auth Username : <None> Default Auth Password : <None> Default Auth Disabled Action: Ignore Default Shell : <None> Default New Console Shell : <None> Default Same Console Shell : <None> # STAF staf1e PROCESS START SHELL COMMAND whoami RETURNSTDOUT STDERRTOSTDOUT WAIT USERNAME test Response -------- { Return Code: 0 Key : <None> Files : [ { Return Code: 0 Data : root <== Note that still "root", not "test", because Process Auth Mode is Disabled } ] } # STAF staf1e PROCESS SET PROCESSAUTHMODE None Response -------- # STAF staf1e PROCESS LIST SETTINGS Response -------- Default Stop Using Method : SigKillAll Default Console Mode : Same Default Focus : Background Process Auth Mode : None Default Auth Username : <None> Default Auth Password : <None> Default Auth Disabled Action: Ignore Default Shell : <None> Default New Console Shell : <None> Default Same Console Shell : <None> # STAF staf1e PROCESS START SHELL COMMAND whoami RETURNSTDOUT STDERRTOSTDOUT WAIT USERNAME test Response -------- { Return Code: 0 Key : <None> Files : [ { Return Code: 0 Data : test } ] } # -------------------------------------------------------------- Sharon Lucas IBM Austin, luc...@us.ibm.com (512) 286-7313 or Tieline 363-7313 From: agou <a...@talktalk.net> To: staf <staf-users@lists.sourceforge.net>, Date: 01/28/2012 07:36 AM Subject: Re: [staf-users] PROCESS ... USERNAME .. doesn't always work? Hi Sharon, Well, it seems to work on most platforms. There is no problem on about 30 different UNIX and Linux systems, and several of them are Redhat; there are just 3 of them that don't change the user ID. I suppose I can start looking in the code for the process service; I just hoped maybe somebody had seen this problem before. When/if I find the solution, I'll let the list know. Sharon Lucas wrote: > Hi, > > I have no problem running a process as another user on our Red Hat Linux > systems via a STAF PROCESS START request using the USENAME option. What > makes you think the process is not being run as the specified userid? Try > the following to show the user that the process is being run as. > > On a RHEL 4 system, I ran the "whoami" command (which shows the effective > userid) and the "id" command (which shows real and effective UIDs and > GIDs) and these commands show that the system is logged on as root (which > it was when I started STAFProc). Then, I ran the "whoami" and the "id" > commands via STAF PROCESS START requests specifying USERNAME "test" and it > correctly shows that the process is being started under user "test". > > # cat /etc/redhat-release > Red Hat Enterprise Linux AS release 4 (Nahant Update 9) > # whoami > root > # id > uid=0(root) gid=0(root) > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) > context=root:system_r:unconfined_t > > # STAF local PROCESS START SHELL COMMAND "whoami" RETURNSTDOUT > STDERRTOSTDOUT USERNAME test WAIT > Response > -------- > { > Return Code: 0 > Key : <None> > Files : [ > { > Return Code: 0 > Data : test > > } > ] > } > # STAF local PROCESS START SHELL COMMAND "id" RETURNSTDOUT STDERRTOSTDOUT > USERNAME test WAIT > Response > -------- > { > Return Code: 0 > Key : <None> > Files : [ > { > Return Code: 0 > Data : uid=500(test) gid=500(test) > groups=0(root),1(bin),2(daemon),3 > (sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t > > } > ] > } > > -------------------------------------------------------------- > Sharon Lucas > IBM Austin, luc...@us.ibm.com > (512) 286-7313 or Tieline 363-7313 > > > > > From: "Andersen, Jan" <jander...@informatica.com> > To: "staf" <staf-users@lists.sourceforge.net>, > Date: 01/27/2012 01:49 AM > Subject: [staf-users] PROCESS ... USERNAME .. doesn't always work? > > > > I have set up staf identically on a large number of UNIX servers, and in > most instances it works fine, but on 3 of them (all Redhat linux) the > userid doesn't get set in the PROCESS command. I have set PROCESSAUTHMODE > to NONE and STAFProc runs as root, so it should work. > > What do you think is likely to be the reason? > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > _______________________________________________ > staf-users mailing list > staf-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/staf-users > > > > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > > > ------------------------------------------------------------------------ > > _______________________________________________ > staf-users mailing list > staf-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/staf-users ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ staf-users mailing list staf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/staf-users ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ staf-users mailing list staf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/staf-users
