Re: [collectd] rrdcached plugin: Problems with file permissions

2015-10-04 Thread Thomas D.
Hi,

Giovanni Torres wrote:
> A recursive setfacl on /srv/rrdcached/data might work, something like:
> 
>   setfacl -R -m d:u:collectd:rwX /srv/rrdcached/data

I thought about using ACLs, too, but it doesn't work due to effective
permission ignoring the set mask [1]:

# file: data/test1.example.org/load/
# owner: collectd
# group: rrdcached
# flags: -s-
user::rwx
group::rwx
group:collectd:rwx
group:rrdcached:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:collectd:rwx
default:group:rrdcached:rwx
default:mask::rwx
default:other::---


# file: data/test1.example.org/load/load.rrd
# owner: collectd
# group: rrdcached
user::rw-
group::rwx  #effective:r--
group:collectd:rwx  #effective:r--
group:rrdcached:rwx #effective:r--
mask::r--
other::r--


To be honest, I don't understand why this applies to collectd (must be
the way collectd is creating the file), but in general this should work:

$ touch data/test1.example.org/foo
$ getfacl data/test1.example.org/foo
# file: data/test1.example.org/foo
# owner: root
# group: rrdcached
user::rw-
group::rwx  #effective:rw-
group:collectd:rwx  #effective:rw-
group:rrdcached:rwx #effective:rw-
mask::rw-
other::---

In this case, "foo" could be updated.



[1]
http://michael.orlitzky.com/articles/problems_with_posix_acls_and_common_utilities.php


-Thomas


___
collectd mailing list
collectd@verplant.org
http://mailman.verplant.org/listinfo/collectd
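
Added example, not part of either message and not collectd or rrdtool code: the acl(5) mask arithmetic behind the two getfacl listings above, using the directory's default ACL as posted. Mode 644 is the value reported in the original post; whether it reaches load.rrd through the creating open() or a later chmod() is not established in the thread, so both paths are modelled, and all helper names are hypothetical.

```python
# Added example: POSIX ACL mask arithmetic per acl(5). Helper names are hypothetical.
BITS = {"r": 4, "w": 2, "x": 1}

# Default ACL of data/test1.example.org/load/, copied from the getfacl output above.
DIR_DEFAULT_ACL = """\
default:user::rwx
default:group::rwx
default:group:collectd:rwx
default:group:rrdcached:rwx
default:mask::rwx
default:other::---
"""

def parse_default_acl(text):
    """Return {(tag, qualifier): bits} for the default: entries of getfacl output."""
    acl = {}
    for line in text.splitlines():
        fields = line.split("#")[0].strip().split(":")
        if len(fields) == 4 and fields[0] == "default":
            acl[(fields[1], fields[2])] = sum(BITS.get(c, 0) for c in fields[3])
    return acl

def apply_mode(acl, mode, create):
    """create=True: open()/creat() under a default ACL, entries are ANDed with mode
    (the umask is not consulted). create=False: chmod(), entries are overwritten."""
    out = dict(acl)
    for key, shift in ((("user", ""), 6), (("mask", ""), 3), (("other", ""), 0)):
        bits = (mode >> shift) & 7
        out[key] = out[key] & bits if create else bits
    return out

def effective(acl):
    """group::, named users and named groups are capped by mask::; user:: and other:: are not."""
    mask = acl[("mask", "")]  # always present once named entries exist
    result = {}
    for (tag, who), bits in acl.items():
        if tag == "mask":
            continue
        if tag == "group" or (tag == "user" and who):
            bits &= mask
        result[f"{tag}:{who}"] = "".join(c if bits & b else "-" for c, b in BITS.items())
    return result

if __name__ == "__main__":
    inherited = parse_default_acl(DIR_DEFAULT_ACL)
    for label, acl in (("touch, open 0666", apply_mode(inherited, 0o666, True)),
                       ("open 0644", apply_mode(inherited, 0o644, True)),
                       ("chmod 0644", apply_mode(inherited, 0o644, False))):
        print(label, effective(acl))
```

In both 0644 cases the named group entries stay rwx in the ACL but are capped to r-- by the mask, which is why group membership alone does not let rrdcached write the file.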


[collectd] rrdcached plugin: Problems with file permissions

2015-10-03 Thread Thomas D.
Hi,

I want to use a separate user for collectd (collectd) and for rrdcached (rrdcached).

Therefore the user "collectd" is in group "rrdcached".

I created "/srv/rrdcached{,/data,/journal}" with "chmod 2770" (user and
group are set to "rrdcached").

Collectd is able to create files in "/srv/rrdcached/data/*" but is
unable to update the created file:

> Oct  3 23:20:45 collect0r collectd[32139]: rrdcached plugin: rrdc_update 
> (/srv/rrdcached/data/test1.example.org/load/load.rrd, 
> [1443907245:0.02:0.10:0.09], 1) failed with status -1.

That's because collectd created the file with mode 644.

When changing permissions to 664 everything works.

So isn't it recommended to run both services using separate users?

Maybe we can have a "mode" option in the rrdcached plugin to control file
creation, or is that a bad idea (i.e. do you recommend changing my setup)?

Thanks!


-Thomas
