Re: [ceph-users] ceph admin socket from non root
Hi Stefan, I have same problem than you, trying to monitor ceph through the socket with a non-root user. Do you have find a clean way to add write permissions to ceph group to the socket ? - Mail original - De: "Stefan Priebe, Profihost AG" À: "Gregory Farnum" Cc: "ceph-users" Envoyé: Mardi 19 Juillet 2016 12:51:59 Objet: Re: [ceph-users] ceph admin socket from non root Am 18.07.2016 um 20:14 schrieb Gregory Farnum: > I'm not familiar with how it's set up but skimming and searching > through the code I'm not seeing anything, no. We've got a chown but no > chmod. That's odd ;-) how do all the people do their monitoring? running as root? > That's a reasonably feature idea though, and presumably you > could add a chmod it to your init scripts? Yes i could hack that into the init script. I just had the feeling that the feature must exist and i'm just missing something. Greets, Stefan > -Greg > > On Mon, Jul 18, 2016 at 3:02 AM, Stefan Priebe - Profihost AG > wrote: >> >> Nobody? Is it at least possible with jewel to give the sockets group >> write permissions? >> >> Am 10.07.2016 um 23:51 schrieb Stefan Priebe - Profihost AG: >>> Hi, >>> >>> is there a proposed way how to connect from non root f.e. a monitoring >>> system to the ceph admin socket? >>> >>> In the past they were created with 777 permissions but now they're 755 >>> which prevents me from connecting from our monitoring daemon. I don't >>> like to set CAP_DAC_OVERRIDE for the monitoring agent. >>> >>> Greets, >>> Stefan >>> >>> ___ >>> ceph-users mailing list >>> ceph-users@lists.ceph.com >>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >>> >> ___ >> ceph-users mailing list >> ceph-users@lists.ceph.com >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] ceph admin socket from non root
Am 18.07.2016 um 20:14 schrieb Gregory Farnum: > I'm not familiar with how it's set up but skimming and searching > through the code I'm not seeing anything, no. We've got a chown but no > chmod. That's odd ;-) how do all the people do their monitoring? running as root? > That's a reasonably feature idea though, and presumably you > could add a chmod it to your init scripts? Yes i could hack that into the init script. I just had the feeling that the feature must exist and i'm just missing something. Greets, Stefan > -Greg > > On Mon, Jul 18, 2016 at 3:02 AM, Stefan Priebe - Profihost AG > wrote: >> >> Nobody? Is it at least possible with jewel to give the sockets group >> write permissions? >> >> Am 10.07.2016 um 23:51 schrieb Stefan Priebe - Profihost AG: >>> Hi, >>> >>> is there a proposed way how to connect from non root f.e. a monitoring >>> system to the ceph admin socket? >>> >>> In the past they were created with 777 permissions but now they're 755 >>> which prevents me from connecting from our monitoring daemon. I don't >>> like to set CAP_DAC_OVERRIDE for the monitoring agent. >>> >>> Greets, >>> Stefan >>> >>> ___ >>> ceph-users mailing list >>> ceph-users@lists.ceph.com >>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >>> >> ___ >> ceph-users mailing list >> ceph-users@lists.ceph.com >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] ceph admin socket from non root
I'm not familiar with how it's set up but skimming and searching through the code I'm not seeing anything, no. We've got a chown but no chmod. That's a reasonably feature idea though, and presumably you could add a chmod it to your init scripts? -Greg On Mon, Jul 18, 2016 at 3:02 AM, Stefan Priebe - Profihost AG wrote: > > Nobody? Is it at least possible with jewel to give the sockets group > write permissions? > > Am 10.07.2016 um 23:51 schrieb Stefan Priebe - Profihost AG: >> Hi, >> >> is there a proposed way how to connect from non root f.e. a monitoring >> system to the ceph admin socket? >> >> In the past they were created with 777 permissions but now they're 755 >> which prevents me from connecting from our monitoring daemon. I don't >> like to set CAP_DAC_OVERRIDE for the monitoring agent. >> >> Greets, >> Stefan >> >> ___ >> ceph-users mailing list >> ceph-users@lists.ceph.com >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >> > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] ceph admin socket from non root
Nobody? Is it at least possible with jewel to give the sockets group write permissions? Am 10.07.2016 um 23:51 schrieb Stefan Priebe - Profihost AG: > Hi, > > is there a proposed way how to connect from non root f.e. a monitoring > system to the ceph admin socket? > > In the past they were created with 777 permissions but now they're 755 > which prevents me from connecting from our monitoring daemon. I don't > like to set CAP_DAC_OVERRIDE for the monitoring agent. > > Greets, > Stefan > > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[ceph-users] ceph admin socket from non root
Hi, is there a proposed way how to connect from non root f.e. a monitoring system to the ceph admin socket? In the past they were created with 777 permissions but now they're 755 which prevents me from connecting from our monitoring daemon. I don't like to set CAP_DAC_OVERRIDE for the monitoring agent. Greets, Stefan ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
