Hi Jan,
I'm glad that there is no problem with running a process as another user
on your Linux systems when PROCESSAUTHMODE is set to None.
Note that STAFProc reads the last line in the STAF.cfg file even if it
does not end with a newline. My guess is that you added the "set
PROCESSAUTHMODE NONE" line to the STAF.cfg file but never shutdown and
restarted STAFProc. Changes to the STAF.cfg file are not picked up until
STAFProc is restarted.
--------------------------------------------------------------
Sharon Lucas
IBM Austin, luc...@us.ibm.com
(512) 286-7313 or Tieline 363-7313
From: "Andersen, Jan" <jander...@informatica.com>
To: "staf" <staf-users@lists.sourceforge.net>,
Date: 01/30/2012 05:13 AM
Subject: Re: [staf-users] PROCESS ... USERNAME .. doesn't always
work?
Hi Sharon,
That looks very interesting; "STAF local PROCESS LIST SETTINGS" on one of
the systems with the problem shows "Process Auth Mode :
Disabled", but STAF.cfg:
[root@acris root]# cat /usr/local/staf/bin/STAF.cfg
# This file should be in /usr/local/staf/bin
#
# Turn on tracing of internal errors and deprecated options
trace enable tracepoints "error deprecated"
authenticator infauth library /usr/local/staf/lib/libinfauth.so
service infares delegate hag
service infauser delegate hag
service infactor delegate hag
# Enable TCP/IP connections
interface ssl library STAFTCP option Secure=Yes option Port=6550
interface tcp library STAFTCP option Secure=No option Port=6500
# Set default local trust
trust machine local://local level 3
trust machine *://hag.informatica.com level 5
# Add default service loader
serviceloader library STAFDSLS
# Allow running as a different user
set PROCESSAUTHMODE NONE
- so for some reason STAFProc doesn't read the last line. Then I noticed
that the last line doesn't end with a (newline); once I add that, it
works. Perhaps there is a small error in the code that reads the config
file?
/jan
-----Original Message-----
From: Sharon Lucas [mailto:luc...@us.ibm.com]
Sent: Sat 28/01/2012 17:41
To: agou
Cc: staf
Subject: Re: [staf-users] PROCESS ... USERNAME .. doesn't always work?
Hi,
The STAF PROCESS service code does not do anything differently for
different Linux systems.
What exact versions of Linux are you seeing this issue on? What is the
output from "uname --a" and "cat /etc/redhat-release" on these Linux
machines?
Are you sure that on these Linux machines that the PROCESS service's
PROCESSAUTHMODE is set to "None" and not "Disabled"? Because if not, the
command run via the PROCESS START request with the USERNAME option will
not be run as the specified user and will be run as root (with no error
message).
Provide the output of running the following commands (substituting staf1e
with the hostname/IP address of your Linux machine and substituting "test"
with the username that you want to run the process as.
# STAF staf1e PROCESS LIST SETTINGS
Response
--------
Default Stop Using Method : SigKillAll
Default Console Mode : Same
Default Focus : Background
Process Auth Mode : Disabled
Default Auth Username : <None>
Default Auth Password : <None>
Default Auth Disabled Action: Ignore
Default Shell : <None>
Default New Console Shell : <None>
Default Same Console Shell : <None>
# STAF staf1e PROCESS START SHELL COMMAND whoami RETURNSTDOUT
STDERRTOSTDOUT WAIT USERNAME test
Response
--------
{
Return Code: 0
Key : <None>
Files : [
{
Return Code: 0
Data : root <== Note that still "root", not "test", because
Process Auth Mode is Disabled
}
]
}
# STAF staf1e PROCESS SET PROCESSAUTHMODE None
Response
--------
# STAF staf1e PROCESS LIST SETTINGS
Response
--------
Default Stop Using Method : SigKillAll
Default Console Mode : Same
Default Focus : Background
Process Auth Mode : None
Default Auth Username : <None>
Default Auth Password : <None>
Default Auth Disabled Action: Ignore
Default Shell : <None>
Default New Console Shell : <None>
Default Same Console Shell : <None>
# STAF staf1e PROCESS START SHELL COMMAND whoami RETURNSTDOUT
STDERRTOSTDOUT WAIT USERNAME test
Response
--------
{
Return Code: 0
Key : <None>
Files : [
{
Return Code: 0
Data : test
}
]
}
#
--------------------------------------------------------------
Sharon Lucas
IBM Austin, luc...@us.ibm.com
(512) 286-7313 or Tieline 363-7313
From: agou <a...@talktalk.net>
To: staf <staf-users@lists.sourceforge.net>,
Date: 01/28/2012 07:36 AM
Subject: Re: [staf-users] PROCESS ... USERNAME .. doesn't always
work?
Hi Sharon,
Well, it seems to work on most platforms. There is no problem on about
30 different UNIX and Linux systems, and several of them are Redhat;
there are just 3 of them that don't change the user ID. I suppose I
can start looking in the code for the process service; I just hoped
maybe somebody had seen this problem before.
When/if I find the solution, I'll let the list know.
Sharon Lucas wrote:
> Hi,
>
> I have no problem running a process as another user on our Red Hat Linux
> systems via a STAF PROCESS START request using the USENAME option. What
> makes you think the process is not being run as the specified userid?
Try
> the following to show the user that the process is being run as.
>
> On a RHEL 4 system, I ran the "whoami" command (which shows the
effective
> userid) and the "id" command (which shows real and effective UIDs and
> GIDs) and these commands show that the system is logged on as root
(which
> it was when I started STAFProc). Then, I ran the "whoami" and the "id"
> commands via STAF PROCESS START requests specifying USERNAME "test" and
it
> correctly shows that the process is being started under user "test".
>
> # cat /etc/redhat-release
> Red Hat Enterprise Linux AS release 4 (Nahant Update 9)
> # whoami
> root
> # id
> uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> context=root:system_r:unconfined_t
>
> # STAF local PROCESS START SHELL COMMAND "whoami" RETURNSTDOUT
> STDERRTOSTDOUT USERNAME test WAIT
> Response
> --------
> {
> Return Code: 0
> Key : <None>
> Files : [
> {
> Return Code: 0
> Data : test
>
> }
> ]
> }
> # STAF local PROCESS START SHELL COMMAND "id" RETURNSTDOUT
STDERRTOSTDOUT
> USERNAME test WAIT
> Response
> --------
> {
> Return Code: 0
> Key : <None>
> Files : [
> {
> Return Code: 0
> Data : uid=500(test) gid=500(test)
> groups=0(root),1(bin),2(daemon),3
> (sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t
>
> }
> ]
> }
>
> --------------------------------------------------------------
> Sharon Lucas
> IBM Austin, luc...@us.ibm.com
> (512) 286-7313 or Tieline 363-7313
>
>
>
>
> From: "Andersen, Jan" <jander...@informatica.com>
> To: "staf" <staf-users@lists.sourceforge.net>,
> Date: 01/27/2012 01:49 AM
> Subject: [staf-users] PROCESS ... USERNAME .. doesn't always
work?
>
>
>
> I have set up staf identically on a large number of UNIX servers, and in
> most instances it works fine, but on 3 of them (all Redhat linux) the
> userid doesn't get set in the PROCESS command. I have set
PROCESSAUTHMODE
> to NONE and STAFProc runs as root, so it should work.
>
> What do you think is likely to be the reason?
>
>
------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> staf-users mailing list
> staf-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/staf-users
>
>
>
>
>
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> staf-users mailing list
> staf-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/staf-users
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
staf-users mailing list
staf-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/staf-users
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
staf-users mailing list
staf-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/staf-users
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
staf-users mailing list
staf-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/staf-users
