[PVE-User] ceph.conf permissions
jim at freesolutions.net
Thu Mar 10 11:49:06 CET 2016
On 2016-03-10 10:30, Florent B wrote:
> On 03/10/2016 11:25 AM, Alessandro Briosi wrote:
>> Il 10/03/2016 11:11, Florent B ha scritto:
>>> Hi everyone,
>>> I think there's a little problem with ceph.conf permissions on
>>> With Infernalis release, all ceph processes are running under
>>> "ceph" user.
>>> root user starts processes, then changes user to ceph. All is fine.
>>> But problem occur when a ceph process needs to respawn itself after
>>> time. ceph user is respawning and cannot read ceph.conf anymore.
>>> That's the case for MDS processes for example.
>>> Permissions of ceph.conf file are
>>> # ls -alh /etc/pve/ceph.conf
>>> -rw-r----- 1 root www-data 3.6K Mar 8 12:35 /etc/pve/ceph.conf
>>> And cannot change that
>>> # chmod o+r /etc/pve/ceph.conf
>>> chmod: changing permissions of ‘/etc/pve/ceph.conf’: Function not
>>> How can Proxmox handle this situation ?
>> Why not simply add ceph user to www-data group.
>> Or can it be in some way a security issue?
> Hi Alessandro,
> Yes that's one of the solutions, I just wanted to know if someone had
> other ideas :)
> I don't think that could be a great security issue..
You could use extended ACLs to allow the ceph user read access to that
More information about the pve-user