[PVE-User] ceph.conf permissions
Florent B
florent at coppint.com
Wed Mar 16 11:13:46 CET 2016
On 03/10/2016 11:25 AM, Alessandro Briosi wrote:
> Il 10/03/2016 11:11, Florent B ha scritto:
>> Hi everyone,
>>
>> I think there's a little problem with ceph.conf permissions on Proxmox.
>>
>> With Infernalis release, all ceph processes are running under "ceph" user.
>>
>> root user starts processes, then changes user to ceph. All is fine.
>>
>> But problem occur when a ceph process needs to respawn itself after some
>> time. ceph user is respawning and cannot read ceph.conf anymore.
>> That's the case for MDS processes for example.
>>
>> Permissions of ceph.conf file are
>>
>> # ls -alh /etc/pve/ceph.conf
>> -rw-r----- 1 root www-data 3.6K Mar 8 12:35 /etc/pve/ceph.conf
>>
>> And cannot change that
>>
>> # chmod o+r /etc/pve/ceph.conf
>> chmod: changing permissions of ‘/etc/pve/ceph.conf’: Function not
>> implemented
>>
>> How can Proxmox handle this situation ?
> Why not simply add ceph user to www-data group.
>
> Or can it be in some way a security issue?
>
> Alessandro
>
I did it and it seems not working...
# groups ceph
ceph : ceph www-data
# ls -alh /etc/ceph/ceph.conf
lrwxrwxrwx 1 root root 18 May 27 2015 /etc/ceph/ceph.conf ->
/etc/pve/ceph.conf
# ls -alh /etc/pve/ceph.conf
-rw-r----- 1 root www-data 3.6K Mar 8 12:35 /etc/pve/ceph.conf
ceph-mds is running as ceph:ceph
# su ceph -s /bin/bash -c 'test -r /etc/pve/ceph.conf' && echo "Read OK"
|| echo "Read NOK"
Read OK
Does someone have an idea ? Maybe it's a ceph related bug, but maybe I'm
missing something...
More information about the pve-user
mailing list