Flavio Leitner <f...@sysclose.org> writes:

> On Wed, Mar 22, 2017 at 12:43:29PM -0400, Eric Garver wrote:
>> On Tue, Mar 21, 2017 at 02:20:30PM -0400, Aaron Conole wrote:
>> > Aaron Conole <acon...@redhat.com> writes:
>> > 
>> > > The Open vSwitch run, log, and DB directories are installed as part of the
>> > > normal `make install` process.  However, this means they are created with
>> > > user and group ownership that may conflict with the desired user.  For
>> > > example, running `make install` as root will install those files as
>> > > root:root, whereas the runtime user desired may be openvswitch:openvswitch.
>> > >
>> > > Since these directories are automatically created as part of the ovs-ctl
>> > > command, and with the correct user:group permissions, it makes sense to
>> > > delay creation until these directories are actually required.
>> > >
>> > > Signed-off-by: Aaron Conole <acon...@redhat.com>
>> > > ---
>> > 
>> > I was about to submit this with a fixup to the rhel side, but I dug into
>> > an older mailing list discussion where at least it seems like Ben wanted
>> > the make install to create these runtime directories[1], presumably to
>> > alleviate concerns with adding these mkdir type directives to each
>> > distro.
>> > 
>> > I'm not sure how best to proceed with this effort, since I want to
>> > enable non-root ovs 'out of the box'.  If that has to be done
>> > distro-specific (and I should simply modify the .spec file for this),
>> > then that may be acceptable for me.  I think the issue encountered in
>> > [1] is due to not using ovs-ctl to start the daemons.  Perhaps it will
>> > still be required from the fedora side to create these directories - I'm
>> > not sure.
>> > 
>> > Thoughts?
>> > 
>> > 1: https://mail.openvswitch.org/pipermail/ovs-dev/2013-July/273197.html
>> 
>> Seems the perm changes should be part of the distro specific stuff.
>> Don't they also have to create the users/groups?
>
> They seem to be two separate problems.  If a user is using "make
> install", most probably it needs to be root anyways and who knows
> which user he/she wants to use.

True - but that means after installing with `make install`, doing
something like:
  useradd openvswitch && /path/to/ovs-ctl --ovs-user='openvswitch:nobody' start

will encounter errors related to the installed directories.  The user
can go ahead and change those permissions.  Maybe that is the approach
that makes the most sense.

> On a distribution level, it doesn't matter much what make install does
> because RPM can fix permissions, create a standard user/groups, fix the
> initialization, and so on.

I think that's probably going to be the avenue I continue to pursue in
this effort.  I was trying to be as generic as possible, but probably
this case needs to be fixed up on a per-distribution (and even operating
system) basis.

Thanks for the feedback, Flavio and Eric!
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
