[Gluster-users] [Gluster-devel] Permission for glusterfs logs.

Niels de Vos ndevos at redhat.com
Fri Sep 22 09:03:43 UTC 2017 

On Wed, Sep 20, 2017 at 04:38:51PM +0530, ABHISHEK PALIWAL wrote:
> Hi Team,
> 
> I did some modification in glusterfs code and now able to modify the
> permission of maximum of files.
> 
> But still 2 file's permission in 0600
> 
> 1. cli.log
> 2. file which contains the mounting information for "mount -t glusterfs"
> command
> 
> I will really appreciate, if some can point light on this area. Also is
> there any side effect of changing these permissions apart from other user
> can access these.

Certain actions may result in filenames being logged. It may not be
appropriate to have all users know what files other users have access
to.

In an other reply, I explained how ACLs may help with this. Most
environments will have a sysadmin group that can be allowed to read the
log files without compromising too much on the confidentiality.

Changing the source code is almost always the wrong approach. It will
make it difficult for you to update to a newer version. If changes are
needed, you probably should look into sending patches that include a
configuration or commandline option to adjust log-create permissions.

Niels


> 
> Regards,
> Abhishek
> 
> On Tue, Sep 19, 2017 at 6:52 AM, ABHISHEK PALIWAL <abhishpaliwal at gmail.com>
> wrote:
> 
> > Any suggestion would be appreciated...
> >
> > On Sep 18, 2017 15:05, "ABHISHEK PALIWAL" <abhishpaliwal at gmail.com> wrote:
> >
> >> Any quick suggestion.....?
> >>
> >> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL <
> >> abhishpaliwal at gmail.com> wrote:
> >>
> >>> Hi Team,
> >>>
> >>> As you can see permission for the glusterfs logs in /var/log/glusterfs
> >>> is 600.
> >>>
> >>> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> >>> *-rw------- 1 root root    0 Jan  3 20:21 cmd_history.log*
> >>> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> >>> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> >>> *-rw------- 1 root root 2102 Jan  3 20:21 etc-glusterfs-glusterd.vol.log*
> >>>
> >>> Due to that non-root user is not able to access these logs files, could
> >>> you please let me know how can I change these permission. So that non-root
> >>> user can also access these log files.
> >>>
> >>> Regards,
> >>> Abhishek Paliwal
> >>>
> >>
> >>
> >>
> >> --
> >>
> >>
> >>
> >>
> >> Regards
> >> Abhishek Paliwal
> >>
> >
> 
> 
> -- 
> 
> 
> 
> 
> Regards
> Abhishek Paliwal

> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at gluster.org
> http://lists.gluster.org/mailman/listinfo/gluster-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20170922/44a9fde9/attachment.sig>

More information about the Gluster-users mailing list