Re: running daemons as user/group ceph

On Fri, 24 Apr 2015, Ken Dreyer wrote:
> On 04/24/2015 11:37 AM, Sage Weil wrote:
> > -- Logs --
> > 
> 
> One other thing in addition to the log directory is the socket directory
> permissions (/var/run/ceph). The ceph UID will need to write there, right?
> 
> In newer distros with systemd, /var/run is on tmpfs so we use this
> tmpfiles.d snippet to be sure the directory is there in /var/tmpfs after
> every boot:
> 
> https://github.com/ceph/ceph/blob/master/systemd/ceph.tmpfiles.d
> 
> The snippet currently creates the directory as root-owned, and I imagine
> we'd want to change that to the ceph UID instead?

Yeah, I changed that file.  Again, not certain about the group permissions 
bit, though.

> > -- systemd --
> > 
> > Most of the daemons can just get the User=ceph and Group=ceph lines in the 
> > unit files.  The OSD is tricky, though, since we want the prestart script 
> > to run as root so that it can chown the disk contents if necessary.  We 
> > have two options, I think:
> > 
> > 1) run prestart and ceph-osd as root, and add a ceph daemon arg to drop 
> > privileges and setuid.
> > 
> > 2) add a sudo rule so that the ceph user can run the chown command from 
> > prestart.  (This seems more dangerous.)
> 
> I agree sudo sounds more dangerous, and it'll also be more complex to
> implement in the packaging.
> 
> Would it be possible to use Apache's model, where it does the bare
> minimum set of things it needs as root (binding to port 80, etc), and
> then drops privileges thereafter?
> 
> If the OSD had this ability built-in, then it could run in minimal
> environments like containers where sudo is not present, etc.

Yeah. And in this case, it's only the ceph-osd-prestart.sh script (run by 
systemd) that needs root; the ceph-osd can drop privileges immediately 
upon starting.

sage
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
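The thread settles on option 1 (the "Apache model": systemd starts the daemon as root, the root-only work happens first, then the process drops to the ceph uid/gid). The block below is an added example of that drop written for this page; it is not Ceph's code and not ceph-osd's actual implementation. It assumes a `ceph` account exists when run as root and falls back to uid/gid 65534 (the conventional `nobody`) otherwise; the function names `resolve_account`, `drop_privileges` and `demo_drop` are this example's own. The security point it shows is ordering: supplementary groups and the primary gid must be changed while still root (after `setuid()` the process has lost CAP_SETGID), and the drop must be verified, including that root cannot be regained.

```c
/* Added example (not Ceph's code): drop from root to an unprivileged
 * uid/gid in the safe order, then verify the drop actually took. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Look up the target account (e.g. "ceph"); returns 0 on success. */
int resolve_account(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (!pw)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Drop privileges permanently.
 * Returns 0 on success, -1 on a failed syscall (errno set), -2 if the
 * post-drop checks show the process could still act as root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    int was_root = (geteuid() == 0);

    /* 1. Supplementary groups: clear the ones inherited from root.
     *    Only root may call setgroups(), so this must come first. */
    if (was_root && setgroups(0, NULL) != 0)
        return -1;

    /* 2. Primary gid, while we still hold CAP_SETGID. */
    if (setgid(gid) != 0)
        return -1;

    /* 3. Uid last; from root, setuid() sets real, effective and saved uid,
     *    which is what makes the drop irreversible. */
    if (setuid(uid) != 0)
        return -1;

    /* Verify every id, not just the effective one. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -2;

    /* If we started as root, regaining it must now fail. */
    if (was_root && uid != 0 && setuid(0) == 0)
        return -2;

    return 0;
}

/* Demo driver. As root: drop to "ceph" if that account exists, else to
 * 65534 (assumed "nobody"). As an ordinary user: "drop" to our own ids,
 * which exercises the same code path without needing root. */
int demo_drop(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (geteuid() == 0 && resolve_account("ceph", &uid, &gid) != 0) {
        uid = 65534;
        gid = 65534;
    }
    return drop_privileges(uid, gid);
}

int main(void)
{
    /* Root-only work (e.g. chown of the OSD data directory) would go here,
     * before the drop. */
    int rc = demo_drop();
    if (rc != 0) {
        fprintf(stderr, "privilege drop failed: %s\n",
                rc == -1 ? strerror(errno) : "root still reachable");
        return 1;
    }
    printf("running as uid %u gid %u\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

Run it as root and the printed uid is the ceph (or 65534) uid; run it as yourself and it reports your own ids, having gone through the same setgroups/setgid/setuid path. A daemon following this model only needs root for the work done before `drop_privileges()`, which is why it also fits containers with no sudo.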