From: Martin Schwenke <mschwenke@ddn.com>
Date: Mon, 19 Jun 2023 00:39:29 +0000 (+1000)
Subject: ctdb-scripts: No longer run statd-callout under sudo
X-Git-Tag: tdb-1.4.11~528
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=991d21d075c0382b27dc9da64e8a6cfd94f175c0;p=thirdparty%2Fsamba.git

ctdb-scripts: No longer run statd-callout under sudo

This simplifies and removes a bad hack.  Also, in my test environment,
it also drops the average time take to run an add-client/del-client
pair from ~0.055s to ~0.030s.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/ctdb/config/ctdb.sudoers b/ctdb/config/ctdb.sudoers
deleted file mode 100644
index 1c238180cc9..00000000000
--- a/ctdb/config/ctdb.sudoers
+++ /dev/null
@@ -1,3 +0,0 @@
-Defaults!/usr/local/etc/ctdb/statd-callout	!requiretty
-
-rpcuser		ALL=(ALL) 	NOPASSWD: /usr/local/etc/ctdb/statd-callout
diff --git a/ctdb/config/statd-callout b/ctdb/config/statd-callout
index d1e49991f75..871a07204e8 100755
--- a/ctdb/config/statd-callout
+++ b/ctdb/config/statd-callout
@@ -1,8 +1,5 @@
 #!/bin/sh
 
-# This must run as root as CTDB tool commands need to access CTDB socket
-[ "$(id -u)" -eq 0 ] || exec sudo "$0" "$@"
-
 # statd must be configured to use this script as its high availability call-out.
 #
 # Modern NFS utils versions use /etc/nfs.conf:
diff --git a/ctdb/doc/examples/ctdb.spec.in b/ctdb/doc/examples/ctdb.spec.in
index addb7e12317..467188d5b9f 100644
--- a/ctdb/doc/examples/ctdb.spec.in
+++ b/ctdb/doc/examples/ctdb.spec.in
@@ -14,7 +14,7 @@ URL: http://ctdb.samba.org/
 Source: ctdb-%{version}.tar.gz
 
 # Packages
-Requires: coreutils, sed, gawk, iptables, iproute, procps, ethtool, sudo
+Requires: coreutils, sed, gawk, iptables, iproute, procps, ethtool
 # Commands - package name might vary
 Requires: /usr/bin/killall, /bin/kill, /bin/ss
 
@@ -109,9 +109,6 @@ make -j
 # Clean up in case there is trash left from a previous build
 rm -rf $RPM_BUILD_ROOT
 
-# Create the target build directory hierarchy
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.d
-
 DESTDIR=$RPM_BUILD_ROOT make -j install
 
 install -m644 config/ctdb.conf $RPM_BUILD_ROOT%{_sysconfdir}/ctdb
@@ -199,7 +196,6 @@ fi
 %doc doc/cluster_mutex_helper.txt
 %doc doc/*.html
 %doc doc/examples
-%{_sysconfdir}/sudoers.d/ctdb
 %dir %{_sysconfdir}/ctdb
 %{_sysconfdir}/ctdb/functions
 %dir %{_sysconfdir}/ctdb/events
diff --git a/ctdb/tests/UNIT/eventscripts/stubs/id b/ctdb/tests/UNIT/eventscripts/stubs/id
deleted file mode 100755
index 1ecd2f80bf7..00000000000
--- a/ctdb/tests/UNIT/eventscripts/stubs/id
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-# Make statd-callout happy
-echo 0
diff --git a/ctdb/wscript b/ctdb/wscript
index aee1164a95f..d4e436931dd 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -894,13 +894,6 @@ def build(bld):
         bld.INSTALL_FILES(bld.env.CTDB_ETCDIR, 'config/%s' % t,
                           destname=t, chmod=MODE_755)
 
-    bld.SAMBA_GENERATOR('ctdb-sudoers',
-                        source='config/ctdb.sudoers',
-                        target='ctdb.sudoers',
-                        rule='sed %s ${SRC} > ${TGT}' % (sed_cmdline))
-    bld.INSTALL_FILES('${SYSCONFDIR}/sudoers.d', 'ctdb.sudoers',
-                      destname='ctdb')
-
     bld.INSTALL_FILES('${CTDB_ETCDIR}/events/notification',
                       'config/notification.README',
                       destname='README')