Re: [Gluster-devel] Permission for glusterfs logs.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Sep 20, 2017 at 07:50:58AM -0400, Kaleb S. KEITHLEY wrote:
> On 09/18/2017 09:22 PM, ABHISHEK PALIWAL wrote:
> > Any suggestion would be appreciated...
> > 
> > On Sep 18, 2017 15:05, "ABHISHEK PALIWAL" <abhishpaliwal@xxxxxxxxx
> > <mailto:abhishpaliwal@xxxxxxxxx>> wrote:
> > 
> >     Any quick suggestion.....?
> > 
> >     On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL
> >     <abhishpaliwal@xxxxxxxxx <mailto:abhishpaliwal@xxxxxxxxx>> wrote:
> > 
> >         Hi Team,
> > 
> >         As you can see permission for the glusterfs logs in
> >         /var/log/glusterfs is 600.
> > 
> >         drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> >         *-rw------- 1 root root    0 Jan  3 20:21 cmd_history.log*
> >         drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> >         drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> >         *-rw------- 1 root root 2102 Jan  3 20:21
> >         etc-glusterfs-glusterd.vol.log*
> > 
> >         Due to that non-root user is not able to access these logs
> >         files, could you please let me know how can I change these
> >         permission. So that non-root user can also access these log files.
> >
> 
> There is no "quick fix."  Gluster creates the log files with 0600 — like
> nearly everything else in /var/log.
> 
> The admin can chmod the files, but when the logs rotate the new log
> files will be 0600 again.
> 
> You'd have to patch the source and rebuild to get different permission bits.
> 
> You can probably do something with ACLs, but as above, when the logs
> rotate the new files won't have the ACLs.

Actually, if you set the 'default' ACL on the /var/log/gluster and other
directories, it gets inherited to new files that are created under
there. (The 'chmod' permissions for the directory will apply as
maximum permissions for ACLs, with chmod=755 reading files is possible.)

Something like this might work (give group 'admin' read permissions):

  # setfacl -d -m g:admin:r $(find /var/log/gluster -type d)
  # setfacl -R -m g:admin:r /var/log/gluster

Once you test this out, and are successful, you might want to add this
to the documentation on http://docs.gluster.org/ somewhere. Pull
requests can be sent to https://github.com/gluster/glusterdocs/ .

Thanks,
Niels

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-users
[Index of Archives]     [Gluster Development]     [Linux Filesytems Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux