Extending Failover Manager Permissions
During the Failover Manager installation, the installer creates a user named efm. efm does not have sufficient privileges to perform management functions that are normally limited to the database owner or operating system superuser.
When performing management functions requiring database superuser privileges, efm invokes the efm_db_functions script.
When performing management functions requiring operating system superuser privileges, efm invokes the efm_root_functions script.
When assigning or releasing a virtual IP address, efm invokes the efm_address script.
The efm_db_functions or efm_root_functions scripts perform management functions on behalf of the efm user.
The sudoers file contains entries that allow the user efm to control the Failover Manager service for clusters owned by postgres or enterprisedb. You can modify a copy of the sudoers file to grant efm permission to manage Postgres clusters owned by other users.
The efm-40 file is located in /etc/sudoers.d, and contains the following entries:

    # Copyright EnterpriseDB Corporation, 2014-2020. All Rights Reserved.
    #
    # Do not edit this file. Changes to the file may be overwritten
    # during an upgrade.
    #
    # This file assumes you are running your efm cluster as user
    # 'efm'. If not, then you will need to copy this file.

    # Allow user 'efm' to sudo efm_db_functions as either 'postgres'
    # or 'enterprisedb'. If you run your db service under a
    # non-default account, you will need to copy this file to grant
    # the proper permissions and specify the account in your efm
    # cluster properties file by changing the 'db.service.owner'
    # property.
    efm ALL=(postgres) NOPASSWD: /usr/edb/efm-4.0/bin/efm_db_functions
    efm ALL=(enterprisedb) NOPASSWD: /usr/edb/efm-4.0/bin/efm_db_functions

    # Allow user 'efm' to sudo efm_root_functions as 'root' to
    # write/delete the PID file, validate the db.service.owner
    # property, etc.
    efm ALL=(ALL) NOPASSWD: /usr/edb/efm-4.0/bin/efm_root_functions

    # Allow user 'efm' to sudo efm_address as root for VIP tasks.
    efm ALL=(ALL) NOPASSWD: /usr/edb/efm-4.0/bin/efm_address

    # relax tty requirement for user 'efm'
    Defaults:efm !requiretty
If you are using Failover Manager to monitor clusters that are owned by users other than postgres or enterprisedb, make a copy of the efm-40 file, and modify the content to allow the user to access the efm_functions script to manage their clusters.
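One way to produce the modified copy described above, as an added example that is not EDB's own tooling. The account name pgcluster, the drop-in name efm-40-custom and both function names are assumptions; the sudoers entries and paths are the ones shown in efm-40.

```shell
#!/bin/sh
# Added example, not EDB code. "pgcluster" and efm-40-custom are assumed names.

# Print a copy of the efm-40 drop-in whose efm_db_functions Runas user is $1.
make_custom_efm_sudoers() (
    owner=$1
    src=${2:-/etc/sudoers.d/efm-40}
    LC_ALL=C    # keep the a-z ranges below ASCII-only
    # Accept only a concrete account name. A value such as ALL would let efm
    # run efm_db_functions as any user, so it is rejected explicitly.
    case $owner in
        ''|ALL|[!a-z_]*|*[!a-z0-9_-]*)
            echo "refusing Runas value: '$owner'" >&2
            exit 1 ;;
    esac
    # Point the (postgres) entry at the custom owner and drop the
    # (enterprisedb) entry; the efm_root_functions and efm_address
    # lines are copied unchanged.
    sed -e "s/^efm ALL=(postgres) /efm ALL=($owner) /" \
        -e '/^efm ALL=(enterprisedb) /d' "$src"
)

# Syntax-check the generated file before it goes live, then install it
# root-owned and read-only. Must be run as root.
install_custom_efm_sudoers() {
    tmp=$(mktemp) || return 1
    make_custom_efm_sudoers "$1" > "$tmp" &&
        visudo -cf "$tmp" &&
        install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/efm-40-custom
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Running `install_custom_efm_sudoers pgcluster` as root writes the drop-in only if visudo accepts it, so a syntax error never reaches /etc/sudoers.d.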
If an agent cannot start because of permission problems, make sure the default /etc/sudoers file contains the following line at the end of the file:

    ## Read drop-in files from /etc/sudoers.d (the # here does not
    # mean a comment)
    #includedir /etc/sudoers.d
Running Failover Manager without sudo
By default, Failover Manager uses sudo to securely manage access to system functionality. If you choose to configure Failover Manager to run without sudo access, please note that root access is still required to:
install the Failover Manager RPM.
perform Failover Manager setup tasks.
To run Failover Manager without sudo, you must select a database process owner that will have privileges to perform management functions on behalf of Failover Manager. The user could be the default database superuser (for example, enterprisedb or postgres) or another privileged user. After selecting the user:
Use the following command to add the user to the efm group:

    usermod -a -G efm enterprisedb

This should allow the user to write to /var/run/efm-4.0 and /var/lock/efm-4.0.
If you are reusing a cluster name, remove any previously created log files; the new user will not be able to write to log files created by the default (or other) owner.
Copy the cluster properties template file and the nodes template file:

    su - enterprisedb
    cp /etc/edb/efm-4.0/efm.properties.in <directory/cluster_name>.properties
    cp /etc/edb/efm-4.0/efm.nodes.in <directory>/<cluster_name>.nodes

Then, modify the cluster properties file, providing the name of the user in the db.service.owner property. You must also ensure that the db.service.name property is blank; without sudo, you cannot run services without root access.
After modifying the configuration, the new user can control Failover Manager with the following command:

    /usr/edb/efm-4.0/bin/runefm.sh start|stop <directory/cluster_name>.properties

Where <directory/cluster_name.properties> specifies the full path of the cluster properties file. Please note that the full path to the properties file must be provided whenever the non-default user is controlling agents or using the efm script.
To allow the new user to manage Failover Manager as a service, you must provide a custom script or unit file.
Failover Manager uses a binary named manage-vip that resides in /usr/edb/efm-4.0/bin/secure/ to perform VIP management operations without sudo privileges. This binary uses setuid to acquire the privileges needed to manage Virtual IP addresses.
This directory is only accessible to root and users in the efm group.
The binary is only executable by root and the efm group.
For security reasons, we recommend against modifying the access privileges of the /usr/edb/efm-4.0/bin/secure/ directory or the manage-vip binary.
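A check that the access privileges described above are still in place, as an added example that is not part of EDB's tooling. It tests only the properties stated in the text; the expected ownership root:efm is inferred from that description, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not EDB code. Expected ownership root:efm is inferred from
# the text above; function names are hypothetical.

# First 10 characters of `ls -ld`, e.g. "drwxr-x---" (drops any ACL marker).
mode_of() { ls -ld -- "$1" | cut -c1-10; }
# Owner and group as "owner:group".
owner_of() { ls -ld -- "$1" | awk '{print $3 ":" $4}'; }

# audit_efm_secure [DIR] [OWNER:GROUP] -> 0 if every check passes, else 1.
audit_efm_secure() {
    dir=${1:-/usr/edb/efm-4.0/bin/secure}
    want=${2:-root:efm}
    bin=$dir/manage-vip
    rc=0
    if [ ! -d "$dir" ] || [ ! -f "$bin" ]; then
        echo "FAIL: $dir or $bin is missing"; return 1
    fi
    for p in "$dir" "$bin"; do
        got=$(owner_of "$p")
        [ "$got" = "$want" ] || { echo "FAIL: $p owned by $got, expected $want"; rc=1; }
    done
    # Directory: no read, write or search permission for "other".
    case $(mode_of "$dir") in
        d??????---) ;;
        *) echo "FAIL: $dir is accessible outside root and the efm group"; rc=1 ;;
    esac
    # Binary: setuid plus owner execute shows as "s" in the fourth column.
    case $(mode_of "$bin") in
        ???s??????) ;;
        *) echo "FAIL: $bin has lost its setuid bit"; rc=1 ;;
    esac
    # Binary: "other" must not be able to execute it.
    case $(mode_of "$bin") in
        ?????????[xt]) echo "FAIL: $bin is executable by other users"; rc=1 ;;
    esac
    return $rc
}
```

Called with no arguments it audits the installed location; a non-zero exit status makes it usable from a configuration-compliance job.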
For more information about using Failover Manager without sudo, visit:
https://www.enterprisedb.com/blog/running-edb-postgres-failover-manager-without-sudo