[Gluster-devel] Permission for glusterfs logs.

Niels de Vos ndevos at redhat.com
Fri Sep 22 08:57:22 UTC 2017 

On Wed, Sep 20, 2017 at 07:50:58AM -0400, Kaleb S. KEITHLEY wrote:
> On 09/18/2017 09:22 PM, ABHISHEK PALIWAL wrote:
> > Any suggestion would be appreciated...
> > 
> > On Sep 18, 2017 15:05, "ABHISHEK PALIWAL" <abhishpaliwal at gmail.com
> > <mailto:abhishpaliwal at gmail.com>> wrote:
> > 
> >     Any quick suggestion.....?
> > 
> >     On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL
> >     <abhishpaliwal at gmail.com <mailto:abhishpaliwal at gmail.com>> wrote:
> > 
> >         Hi Team,
> > 
> >         As you can see permission for the glusterfs logs in
> >         /var/log/glusterfs is 600.
> > 
> >         drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> >         *-rw------- 1 root root    0 Jan  3 20:21 cmd_history.log*
> >         drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> >         drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> >         *-rw------- 1 root root 2102 Jan  3 20:21
> >         etc-glusterfs-glusterd.vol.log*
> > 
> >         Due to that non-root user is not able to access these logs
> >         files, could you please let me know how can I change these
> >         permission. So that non-root user can also access these log files.
> >
> 
> There is no "quick fix."  Gluster creates the log files with 0600 — like
> nearly everything else in /var/log.
> 
> The admin can chmod the files, but when the logs rotate the new log
> files will be 0600 again.
> 
> You'd have to patch the source and rebuild to get different permission bits.
> 
> You can probably do something with ACLs, but as above, when the logs
> rotate the new files won't have the ACLs.

Actually, if you set the 'default' ACL on the /var/log/gluster and other
directories, it gets inherited to new files that are created under
there. (The 'chmod' permissions for the directory will apply as
maximum permissions for ACLs, with chmod=755 reading files is possible.)

Something like this might work (give group 'admin' read permissions):

  # setfacl -d -m g:admin:r $(find /var/log/gluster -type d)
  # setfacl -R -m g:admin:r /var/log/gluster

Once you test this out, and are successful, you might want to add this
to the documentation on http://docs.gluster.org/ somewhere. Pull
requests can be sent to https://github.com/gluster/glusterdocs/ .

Thanks,
Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.gluster.org/pipermail/gluster-devel/attachments/20170922/1738d97c/attachment.sig>

More information about the Gluster-devel mailing list