Re: running daemons as user/group ceph

On 24.04.2015 at 22:52, Sage Weil wrote:
> On Fri, 24 Apr 2015, Danny Al-Gaaf wrote:
>> On 24.04.2015 at 19:37, Sage Weil wrote:
>> [...]
>>> -- systemd --
>>>
>>> Most of the daemons can just get the User=ceph and Group=ceph lines in the
>>> unit files.  The OSD is tricky, though, since we want the prestart script 
>>> to run as root so that it can chown the disk contents if necessary.  We 
>>> have two options, I think:
>>>
>>> 1) run prestart and ceph-osd as root, and add a ceph daemon arg to drop 
>>> privileges and setuid.
>>>
>>> 2) add a sudo rule so that the ceph user can run the chown command from 
>>> prestart.  (This seems more dangerous.)
>>>
>>> Thoughts?
>>
>> Do we need to change the start scripts for SysV init? Or is this
>> something we should ignore because most distros will use systemd in
>> the future?
> 
> We could, but I wonder if not touching upstart or sysvinit will be an 
> easy way to handle migration/compat issues.
> 
> One other thing Greg brought up today was that we should allow an admin to 
> configure daemons to run as root if they want.  They can do that by 
> editing the unit files; I'm not sure if we want to do something more 
> friendly than that?  (FWIW I think this is basically what Lennart
> suggests.)

The alternative would be to drop the privileges within the code of the
daemons (as soon as possible) and use a config/cmdline option to check
if we want to start the daemons as root or under the ceph user.

Danny
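
Added example, not part of the original thread and not Ceph's code: a sketch in C of the in-daemon privilege drop discussed above, with the supplementary groups, gid and uid changed in that order and a check that root cannot be regained. The helper name `drop_privileges` and the convention that uid 0 means "the admin chose to stay root" are assumptions made for illustration.

```c
#define _GNU_SOURCE           /* for setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: switch the process to uid/gid for good.
 * uid 0 means the admin chose to keep the daemon running as root.
 * Returns 0 on success, -1 if the daemon must not continue. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return 0;                        /* explicit opt-in to root */
    if (geteuid() != 0)                  /* e.g. started via User=/Group= */
        return (geteuid() == uid && getegid() == gid) ? 0 : -1;

    /* Order matters: group changes need root, so they precede setuid(). */
    if (setgroups(1, &gid) != 0) return -1;  /* drop root's extra groups */
    if (setgid(gid) != 0)        return -1;
    if (setuid(uid) != 0)        return -1;

    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)   return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed defaults; the thread proposes a "ceph" user and group. */
    const char *user  = argc > 1 ? argv[1] : "ceph";
    const char *group = argc > 2 ? argv[2] : "ceph";
    struct passwd *pw = getpwnam(user);
    struct group  *gr = getgrnam(group);

    if (!pw || !gr) {
        fprintf(stderr, "unknown user or group\n");
        return 1;
    }
    /* Root-only setup (such as the prestart chown) would run before this. */
    if (drop_privileges(pw->pw_uid, gr->gr_gid) != 0) {
        fprintf(stderr, "failed to drop privileges, refusing to start\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Treating any failure as fatal is the point of the return checks: a daemon that ignores a failed `setuid()` keeps running as root without anyone noticing.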
