[jira] [Commented] (CASSANDRA-4355) Better debian packaging permissions
[ https://issues.apache.org/jira/browse/CASSANDRA-4355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13397835#comment-13397835 ] paul cannon commented on CASSANDRA-4355: I thought the outcome of the discussion was that the monitoring application should probably chgrp /etc/cassandra on its own, and add its own user to that group. I'm -1 on cassandra having write permissions on its own config, unless it's config intended to be written and updated by software (in which case it should go in /var). > Better debian packaging permissions > --- > > Key: CASSANDRA-4355 > URL: https://issues.apache.org/jira/browse/CASSANDRA-4355 > Project: Cassandra > Issue Type: Bug >Reporter: Nick Bailey >Assignee: Nick Bailey > Fix For: 0.8.11, 1.0.11, 1.1.2, 1.2 > > Attachments: 0001-Better-permissions-in-deb-package-v2.patch, > 0001-Better-permissions-in-deb-package.patch > > > The debian package creates a cassandra user for the process to run as. It > chowns /var/lib/cassandra and /var/log/cassandra, but it doesn't grant group > level access to these files. It should do a 'chown cassandra:cassandra ...' > so that users in the cassandra group can also access those files. Also we > should chown /etc/cassandra and any other files/directories created. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-4355) Better debian packaging permissions
[ https://issues.apache.org/jira/browse/CASSANDRA-4355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13396296#comment-13396296 ] Nick Bailey commented on CASSANDRA-4355: I'm also wondering if there are any generally accepted practices regarding giving the cassandra group itself write permissions to these directories/files. >From the perspective of someone writing a monitoring application, I would like >to be able to have our packaging create its own user and add that user to the >cassandra group, and at that point have read/write access to configuration >files/snapshots/other things. > Better debian packaging permissions > --- > > Key: CASSANDRA-4355 > URL: https://issues.apache.org/jira/browse/CASSANDRA-4355 > Project: Cassandra > Issue Type: Bug >Reporter: Nick Bailey >Assignee: Nick Bailey > Attachments: 0001-Better-permissions-in-deb-package.patch > > > The debian package creates a cassandra user for the process to run as. It > chowns /var/lib/cassandra and /var/log/cassandra, but it doesn't grant group > level access to these files. It should do a 'chown cassandra:cassandra ...' > so that users in the cassandra group can also access those files. Also we > should chown /etc/cassandra and any other files/directories created. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-4355) Better debian packaging permissions
[ https://issues.apache.org/jira/browse/CASSANDRA-4355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13396292#comment-13396292 ] Nick Bailey commented on CASSANDRA-4355: Actually I was wrong. The 'cassandra:' syntax does make the cassandra group the group for the files. The addition of /etc/cassandra and /usr/share/cassandra is still desirable though. > Better debian packaging permissions > --- > > Key: CASSANDRA-4355 > URL: https://issues.apache.org/jira/browse/CASSANDRA-4355 > Project: Cassandra > Issue Type: Bug >Reporter: Nick Bailey >Assignee: Nick Bailey > Attachments: 0001-Better-permissions-in-deb-package.patch > > > The debian package creates a cassandra user for the process to run as. It > chowns /var/lib/cassandra and /var/log/cassandra, but it doesn't grant group > level access to these files. It should do a 'chown cassandra:cassandra ...' > so that users in the cassandra group can also access those files. Also we > should chown /etc/cassandra and any other files/directories created. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira