[Gluster-users] /var/run/glusterd.socket permissions for non-root geo-replication (4.1.3)

[Andy Coates]

Hi all,

We're investigating geo-replication and noticed that when using non-root
geo-replication, the sync user cannot access various gluster commands, e.g.
one of the session commands ends up running this on the slave:

Popen: command returned error       cmd=/usr/sbin/gluster
--remote-host=localhost system:: mount geosync user-map-root=geosync
aux-gfid-mount acl log-level=INFO
log-file=/var/log/glusterfs/geo-replication-slaves/snip/snip.log
volfile-server=localhost volfile-id=shared client-pid=-1  error=1

Popen: /usr/sbin/gluster> 2 : failed with this errno (No such file or
directory)

The underlying cause of this is the gluster command not being able to write
to the socket file /var/run/glusterd.socket - if I change the group to my
geo-replication group and add group write, the command succeeds and
geo-replication becomes active.

The problem is every time the server/service restarts it comes back up as
root:root

srwxr-xr-x. 1 root root 0 Sep  3 02:17 /var/run/glusterd.socket

So a couple of questions:
1) Should the geo-replication non-root user be able to do what it needs
without changing those permissions?
2) If it does need write permission, is there a config option to tell the
service to set the correct permissions on the file when it starts so that
the non-root user can write to it?

Thanks.
Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20180903/c5490f81/attachment.html>