Table of Contents Previous Next


3 Installing and Configuring Failover Manager : 3.1 Extending Failover Manager Permissions

During the Failover Manager installation, the installer creates a user named efm. efm does not have sufficient privileges to perform management functions that are normally limited to the database owner or operating system superuser. When performing management functions, efm invokes the efm_functions script; the efm_functions script performs management functions on behalf of the efm user. When assigning or releasing a virtual IP address, efm uses the efm_address script to assign or release the VIP.
The sudoers file contains entries that allow the user efm to control the Failover Manager service for clusters owned by postgres or enterprisedb. You can modify a copy of the sudoers file to grant permission to manage Postgres clusters owned by other users to efm.
The efm-20 file is located in /etc/sudoers.d, and contains the following entries:
# Copyright EnterpriseDB Corporation, 2014. All Rights Reserved.
#
# Do not edit this file. Changes to the file may be overwritten
# during an upgrade.
#
# This file assumes you are running your efm cluster as user
# 'efm'. If not, then you will need to copy this file.
#
# Allow user 'efm' to sudo efm_functions as either 'postgres' or
# 'enterprisedb'. If you run your db service under a non-default
# account, you will need to copy this file to grant the proper
# permissions and specify the account in your efm cluster
# properties file by changing the 'db.service.owner' property.


efm ALL=(postgres) NOPASSWD: /usr/efm-2.0/bin/efm_functions
efm ALL=(enterprisedb) NOPASSWD: /usr/efm-2.0/bin/efm_functions


# Allow user 'efm' to sudo efm_functions as 'root' to
# write/delete the PID file, validate the db.service.owner
# property, etc.


efm ALL=(ALL) NOPASSWD: /usr/efm-2.0/bin/efm_functions


# Allow user 'efm' to sudo efm_address as root for VIP tasks.


efm ALL=(ALL) NOPASSWD: /usr/efm-2.0/bin/efm_address


# relax tty requirement for user 'efm'


Defaults:efm !requiretty
If you are using Failover Manager to monitor clusters that are owned by users other than postgres or enterprisedb, make a copy of the efm-20 file, and modify the content to allow the user to access the efm_functions script to manage their clusters.
If an agent cannot start because of permission problems, make sure the default /etc/sudoers file contains the following line at the end of the file:

3 Installing and Configuring Failover Manager : 3.1 Extending Failover Manager Permissions

Table of Contents Previous Next