Extending Failover Manager Permissions v4
During the Failover Manager installation, the installer creates a user named
efm does not have sufficient privileges to perform management functions that are normally limited to the database owner or operating system superuser.
- When performing management functions requiring database superuser privileges,
- When performing management functions requiring operating system superuser privileges,
- When assigning or releasing a virtual IP address,
- When enabling Pgpool integration,
efm_root_functions scripts perform management functions on behalf of the
The sudoers file contains entries that allow the user efm to control the Failover Manager service for clusters owned by enterprisedb. You can modify a copy of the sudoers file to grant permission to manage Postgres clusters owned by other users to
efm-42 file is located in /etc/sudoers.d, and contains the following entries:
If you are using Failover Manager to monitor clusters that are owned by users other than enterprisedb, make a copy of the efm-42 file, and modify the content to allow the user to access the efm_functions script to manage their clusters.
If an agent cannot start because of permission problems, make sure the default /etc/sudoers file contains the following line at the end of the file:
By default, Failover Manager uses sudo to securely manage access to system functionality. If you choose to configure Failover Manager to run without sudo access, note that root access is still required to:
- install the Failover Manager RPM.
- perform Failover Manager setup tasks.
To run Failover Manager without sudo, you must select a database process owner that will have privileges to perform management functions on behalf of Failover Manager. The user could be the default database superuser (for example, enterprisedb or postgres) or another privileged user. After selecting the user:
Use the following command to add the user to the
This should allow the user to write to
If you are reusing a cluster name, remove any previously created log files; the new user will not be able to write to log files created by the default (or other) owner.
Copy the cluster properties template file and the nodes template file:
Then, modify the cluster properties file, providing the name of the user in the db.service.owner property. You must also ensure that the db.service.name property is blank; without sudo, you cannot run services without root access.
After modifying the configuration, the new user can control Failover Manager with the following command:
<directory/cluster_name.properties> specifies the full path of the cluster properties file. The user must provide the full path to the properties file whenever the non-default user is controlling agents or using the efm script.
To allow the new user to manage Failover Manager as a service, you must provide a custom script or unit file.
Failover Manager uses a binary named manage-vip that resides in /usr/edb/efm-4.2/bin/secure/ to perform VIP management operations without sudo privileges. This binary uses setuid to acquire the privileges needed to manage virtual IP addresses.
- This directory is only accessible to root and users in the
- The binary is only executable by root and the
For security reasons, we recommend against modifying the access privileges of the /usr/edb/efm-4.2/bin/secure/ directory or the
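The access rules listed above can be verified with a short audit function. This is an added example, not part of the Failover Manager documentation or product; it assumes GNU stat, and the function name, the finding labels and the expectation that root (uid 0) owns both paths are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the access rules described above for the secure
# directory and the setuid manage-vip binary. Requires GNU stat (Linux).
#
# audit_efm_secure [DIR] [OWNER_UID]
#   DIR        directory holding manage-vip (path as given on this page)
#   OWNER_UID  expected numeric owner; 0 (root) is an assumption of this
#              example, overridable so the check can be tried in a sandbox
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_efm_secure() {
    dir=${1:-/usr/edb/efm-4.2/bin/secure}
    owner_uid=${2:-0}
    bin=$dir/manage-vip
    rc=0

    # Nothing else can be checked if either path is absent or unreachable.
    for path in "$dir" "$bin"; do
        [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    done

    # Both paths should belong to the expected owner.
    for path in "$dir" "$bin"; do
        uid=$(stat -c %u "$path")
        [ "$uid" = "$owner_uid" ] ||
            { echo "OWNER $path uid=$uid expected=$owner_uid"; rc=1; }
    done

    # Directory: the last octal digit is the "other" class and must be 0,
    # so only the owner and the group can reach the binary at all.
    case $(stat -c %a "$dir") in
        *0) ;;
        *)  echo "DIR-OTHER-ACCESS $dir"; rc=1 ;;
    esac

    # Binary: no execute bit for "other" (an odd last digit means x is set).
    case $(stat -c %a "$bin") in
        *[1357]) echo "BIN-OTHER-EXEC $bin"; rc=1 ;;
    esac

    # Binary: setuid must be present, or VIP operations lose their privileges.
    [ -u "$bin" ] || { echo "BIN-NO-SETUID $bin"; rc=1; }

    return "$rc"
}
```

Run `audit_efm_secure` as root with no arguments to check the installed paths; an account that cannot enter the directory sees the binary reported as MISSING.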
For more information about using Failover Manager without sudo, visit: