On Fri, 24 Apr 2015, Sage Weil wrote:
> > > -- systemd --
> > >
> > > Most of the daemons can just get the User=ceph and Group=ceph lines in the
> > > unit files. The OSD is tricky, though, since we want the prestart script
> > > to run as root so that it can chown the disk contents if necessary. We
> > > have two options, I think:
> > >
> > > 1) run prestart and ceph-osd as root, and add a ceph daemon arg to drop
> > > privileges and setuid.
> > >
> > > 2) add a sudo rule so that the ceph user can run the chown command from
> > > prestart. (This seems more dangerous.)
> >
> > I agree sudo sounds more dangerous, and it'll also be more complex to
> > implement in the packaging.
> >
> > Would it be possible to use Apache's model, where it does the bare
> > minimum set of things it needs as root (binding to port 80, etc), and
> > then drops privileges thereafter?
> >
> > If the OSD had this ability built-in, then it could run in minimal
> > environments like containers where sudo is not present, etc.
>
> Yeah. And in this case, it's only the ceph-osd-prestart.sh script (run by
> systemd) that needs root; the ceph-osd can drop privileges immediately
> upon starting.

Pushed a patch that lets daemons drop privs (setuid and setgid) and
updated the ceph-osd unit file accordingly.

Also added a /etc/security/limits.d/ceph file so that we can set the
nofile ulimit in one place where people expect it and not in our configs
or the systemd/upstart configs.

sage
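
The setuid/setgid privilege drop discussed in this thread, as an added example that is not part of the original message and is not Ceph's code. The helper name drop_privileges and the command-line uid/gid arguments are assumptions made for illustration; the point shown is the ordering of the calls and the check that root cannot be regained.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not Ceph's code): permanently switch the process to
 * uid/gid. Returns 0 on success, -1 on any failure; on -1 the caller must
 * exit, because the process may be left partly privileged. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                      /* refusing: target is still root */

    /* Order matters: clearing supplementary groups and changing gid need
     * root, so they go first; after setuid() neither would be permitted. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify instead of trusting return codes alone: real and effective
     * ids must match the target and root must not be recoverable. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || setgid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed usage: ./drop <uid> <gid>, defaulting to the caller's ids. */
    uid_t uid = argc > 2 ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : getgid();

    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "failed to drop privileges, exiting\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```
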