[Gluster-users] /var/run/glusterd.socket permissions for non-root geo-replication (4.1.3)
Andy Coates
andy.coates at gmail.com
Mon Sep 3 02:36:20 UTC 2018
Hi all,
We're investigating geo-replication and noticed that when using non-root
geo-replication, the sync user cannot access various gluster commands, e.g.
one of the session commands ends up running this on the slave:
Popen: command returned error cmd=/usr/sbin/gluster
--remote-host=localhost system:: mount geosync user-map-root=geosync
aux-gfid-mount acl log-level=INFO
log-file=/var/log/glusterfs/geo-replication-slaves/snip/snip.log
volfile-server=localhost volfile-id=shared client-pid=-1 error=1
Popen: /usr/sbin/gluster> 2 : failed with this errno (No such file or
directory)
The underlying cause of this is the gluster command not being able to write
to the socket file /var/run/glusterd.socket - if I change the group to my
geo-replication group and add group write, the command succeeds and
geo-replication becomes active.
The problem is every time the server/service restarts it comes back up as
root:root
srwxr-xr-x. 1 root root 0 Sep 3 02:17 /var/run/glusterd.socket
So a couple of questions:
1) Should the geo-replication non-root user be able to do what it needs
without changing those permissions?
2) If it does need write permission, is there a config option to tell the
service to set the correct permissions on the file when it starts so that
the non-root user can write to it?
Thanks.
Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20180903/c5490f81/attachment.html>
More information about the Gluster-users
mailing list