From a least privilege standpoint, o=rx seems bad. Instead, if you need a user to gave rx, why not set a default acl on each osd to allow Nagios to have rx?
I think it's designed to best practice. If a user wishes to accept additional risk, that's their risk.
On Jul 10, 2017 8:10 AM, "Jens Rosenboom" <j.rosenboom@xxxxxxxx> wrote:
2017-07-10 10:40 GMT+00:00 Christian Balzer <chibi@xxxxxxx>:
> On Mon, 10 Jul 2017 11:27:26 +0200 Marc Roos wrote:
>
>> Looks to me by design (from rpm install), and the settings of the
>> directorys below are probably the result of a user umask setting.
>
> I know it's deliberate, I'm asking why.
It seems to have been introduced in
https://github.com/ceph/ceph/pull/4456 and Sage writes there:
> need to validate the permissiong choices for /var/log/ceph adn /var/lib/ceph
I agree with you that setting "o=rx" would be a more sensible choice.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph. com
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
