Extending Failover Manager permissions v4
During the Failover Manager installation, the installer creates a user named efm. efm doesn't have enough privileges to perform management functions that are normally limited to the database owner or operating system superuser.
- When performing management functions requiring database superuser privileges, efm invokes the
efm_db_functions
script. - When performing management functions requiring operating system superuser privileges, efm invokes the
efm_root_functions
script. - When assigning or releasing a virtual IP address, efm invokes the
efm_address
script. - When enabling Pgpool integration, efm invokes the
efm_pgpool_functions
script.
The efm_db_functions
or efm_root_functions
scripts perform management functions on behalf of the efm user.
The sudoers
file contains entries that allow the user efm to control the Failover Manager service for clusters owned by postgres or enterprisedb. You can modify a copy of the sudoers
file to grant permission to efm to manage Postgres clusters owned by other users.
The efm-48
file is located in /etc/sudoers.d
and contains the following entries:
If you're using Failover Manager to monitor clusters that are owned by users other than postgres or enterprisedb, make a copy of the efm-48
file. Then modify the content to allow the user to access the efm_functions
script to manage their clusters.
If an agent can't start because of permission problems, make sure the default /etc/sudoers
file contains the following line at the end of the file:
Running Failover Manager without sudo
By default, Failover Manager uses sudo to securely manage access to system functionality. If you choose to configure Failover Manager to run without sudo access, root access is still required to:
- Install the Failover Manager RPM.
- Perform Failover Manager setup tasks.
To run Failover Manager without sudo, you must select a database process owner with privileges to perform management functions on behalf of Failover Manager. The user can be the default database superuser (for example, enterprisedb or postgres) or another privileged user. After selecting the user:
Use the following command to add the user to the
efm
group:This command allows the user to write to
/var/run/efm-4.<x>
and/var/lock/efm-4.<x>
.If you're reusing a cluster name, remove any previously created log files. The new user can't write to log files created by the default or other owner.
Copy the cluster properties template file and the nodes template file:
Then, modify the cluster properties file, providing the name of the user in the db.service.owner
property. Also make sure that the db.service.name
property is blank. Without sudo, you can't run services without root access.
After modifying the configuration, the new user can control Failover Manager with the following command:
Where <directory/cluster_name.properties>
specifies the full path of the cluster properties file. The user provides the full path to the properties file whenever the nondefault user is controlling agents or using the efm
script.
To allow the new user to manage Failover Manager as a service, provide a custom script or unit file.
Failover Manager uses a binary named manage-vip
that resides in /usr/edb/efm-4.<x>/bin/secure/
to perform VIP management operations without sudo privileges. This script uses setuid to acquire with the privileges needed to manage virtual IP addresses.
- This directory is accessible only to root and users in the efm group.
- The binary is executable only by root and the efm group.
For security reasons, we recommend against modifying the access privileges of the /usr/edb/efm-4.<x>/bin/secure/
directory or the manage-vip
script.
For more information about using Failover Manager without sudo, visit:
https://www.enterprisedb.com/blog/running-edb-postgres-failover-manager-without-sudo
- On this page
- Running Failover Manager without sudo