running as non-root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



While we are on the subject of init systems and packaging, I would *love* 
to fix things up for hammer to

 - create a ceph user and group
 - add various users to ceph group (like qemu or kvm user and 
apache/www-data?)
 - fix permissions on /var/log/ceph and /var/run/ceph (770?) so that qemu 
and rgw can write logs and asok files there
 - make daemons run as ceph user instead of root

The main hangup is with that last one.  As I understand it, when packages 
create users, they get a semi-random UID assigned.  That means that all 
the data on a ceph-osd disk would have a semi-random UID.  If it were 
hot-swapped into another host, the uid would be wrong.  Is there a way 
use a fixed uid?

Also on the roadmap is defining proper selinux policies so that these 
dameons are confined into the appropriate directories etc., but I imagine 
running as non-root is a big help (or even prerequisite?) to making that 
happen?

Suggestions or comments?  Or volunteers?  We haven't had time to look at 
this yet but I think it's important!

sage

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux