subject:"\[Gluster\-devel\] Permission for glusterfs logs."

Re: [Gluster-devel] Permission for glusterfs logs.

2017-09-22 Thread Niels de Vos

On Wed, Sep 20, 2017 at 07:50:58AM -0400, Kaleb S. KEITHLEY wrote:
> On 09/18/2017 09:22 PM, ABHISHEK PALIWAL wrote:
> > Any suggestion would be appreciated...
> > 
> > On Sep 18, 2017 15:05, "ABHISHEK PALIWAL"  > > wrote:
> > 
> > Any quick suggestion.?
> > 
> > On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL
> > > wrote:
> > 
> > Hi Team,
> > 
> > As you can see permission for the glusterfs logs in
> > /var/log/glusterfs is 600.
> > 
> > drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> > *-rw--- 1 root root    0 Jan  3 20:21 cmd_history.log*
> > drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> > drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> > *-rw--- 1 root root 2102 Jan  3 20:21
> > etc-glusterfs-glusterd.vol.log*
> > 
> > Due to that non-root user is not able to access these logs
> > files, could you please let me know how can I change these
> > permission. So that non-root user can also access these log files.
> >
> 
> There is no "quick fix."  Gluster creates the log files with 0600 — like
> nearly everything else in /var/log.
> 
> The admin can chmod the files, but when the logs rotate the new log
> files will be 0600 again.
> 
> You'd have to patch the source and rebuild to get different permission bits.
> 
> You can probably do something with ACLs, but as above, when the logs
> rotate the new files won't have the ACLs.

Actually, if you set the 'default' ACL on the /var/log/gluster and other
directories, it gets inherited to new files that are created under
there. (The 'chmod' permissions for the directory will apply as
maximum permissions for ACLs, with chmod=755 reading files is possible.)

Something like this might work (give group 'admin' read permissions):

  # setfacl -d -m g:admin:r $(find /var/log/gluster -type d)
  # setfacl -R -m g:admin:r /var/log/gluster

Once you test this out, and are successful, you might want to add this
to the documentation on http://docs.gluster.org/ somewhere. Pull
requests can be sent to https://github.com/gluster/glusterdocs/ .

Thanks,
Niels


signature.asc
Description: PGP signature
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel

Re: [Gluster-devel] Permission for glusterfs logs.

2017-09-22 Thread Niels de Vos

On Wed, Sep 20, 2017 at 04:38:51PM +0530, ABHISHEK PALIWAL wrote:
> Hi Team,
> 
> I did some modification in glusterfs code and now able to modify the
> permission of maximum of files.
> 
> But still 2 file's permission in 0600
> 
> 1. cli.log
> 2. file which contains the mounting information for "mount -t glusterfs"
> command
> 
> I will really appreciate, if some can point light on this area. Also is
> there any side effect of changing these permissions apart from other user
> can access these.

Certain actions may result in filenames being logged. It may not be
appropriate to have all users know what files other users have access
to.

In an other reply, I explained how ACLs may help with this. Most
environments will have a sysadmin group that can be allowed to read the
log files without compromising too much on the confidentiality.

Changing the source code is almost always the wrong approach. It will
make it difficult for you to update to a newer version. If changes are
needed, you probably should look into sending patches that include a
configuration or commandline option to adjust log-create permissions.

Niels


> 
> Regards,
> Abhishek
> 
> On Tue, Sep 19, 2017 at 6:52 AM, ABHISHEK PALIWAL 
> wrote:
> 
> > Any suggestion would be appreciated...
> >
> > On Sep 18, 2017 15:05, "ABHISHEK PALIWAL"  wrote:
> >
> >> Any quick suggestion.?
> >>
> >> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL <
> >> abhishpali...@gmail.com> wrote:
> >>
> >>> Hi Team,
> >>>
> >>> As you can see permission for the glusterfs logs in /var/log/glusterfs
> >>> is 600.
> >>>
> >>> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> >>> *-rw--- 1 root root0 Jan  3 20:21 cmd_history.log*
> >>> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> >>> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> >>> *-rw--- 1 root root 2102 Jan  3 20:21 etc-glusterfs-glusterd.vol.log*
> >>>
> >>> Due to that non-root user is not able to access these logs files, could
> >>> you please let me know how can I change these permission. So that non-root
> >>> user can also access these log files.
> >>>
> >>> Regards,
> >>> Abhishek Paliwal
> >>>
> >>
> >>
> >>
> >> --
> >>
> >>
> >>
> >>
> >> Regards
> >> Abhishek Paliwal
> >>
> >
> 
> 
> -- 
> 
> 
> 
> 
> Regards
> Abhishek Paliwal

> ___
> Gluster-devel mailing list
> Gluster-devel@gluster.org
> http://lists.gluster.org/mailman/listinfo/gluster-devel



signature.asc
Description: PGP signature
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel

Re: [Gluster-devel] Permission for glusterfs logs.

2017-09-20 Thread Kaleb S. KEITHLEY

On 09/18/2017 09:22 PM, ABHISHEK PALIWAL wrote:
> Any suggestion would be appreciated...
> 
> On Sep 18, 2017 15:05, "ABHISHEK PALIWAL"  > wrote:
> 
> Any quick suggestion.?
> 
> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL
> > wrote:
> 
> Hi Team,
> 
> As you can see permission for the glusterfs logs in
> /var/log/glusterfs is 600.
> 
> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> *-rw--- 1 root root    0 Jan  3 20:21 cmd_history.log*
> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> *-rw--- 1 root root 2102 Jan  3 20:21
> etc-glusterfs-glusterd.vol.log*
> 
> Due to that non-root user is not able to access these logs
> files, could you please let me know how can I change these
> permission. So that non-root user can also access these log files.
>

There is no "quick fix."  Gluster creates the log files with 0600 — like
nearly everything else in /var/log.

The admin can chmod the files, but when the logs rotate the new log
files will be 0600 again.

You'd have to patch the source and rebuild to get different permission bits.

You can probably do something with ACLs, but as above, when the logs
rotate the new files won't have the ACLs.



-- 

Kaleb
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel

Re: [Gluster-devel] Permission for glusterfs logs.

2017-09-20 Thread ABHISHEK PALIWAL

Hi Team,

I did some modification in glusterfs code and now able to modify the
permission of maximum of files.

But still 2 file's permission in 0600

1. cli.log
2. file which contains the mounting information for "mount -t glusterfs"
command

I will really appreciate, if some can point light on this area. Also is
there any side effect of changing these permissions apart from other user
can access these.

Regards,
Abhishek

On Tue, Sep 19, 2017 at 6:52 AM, ABHISHEK PALIWAL 
wrote:

> Any suggestion would be appreciated...
>
> On Sep 18, 2017 15:05, "ABHISHEK PALIWAL"  wrote:
>
>> Any quick suggestion.?
>>
>> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL <
>> abhishpali...@gmail.com> wrote:
>>
>>> Hi Team,
>>>
>>> As you can see permission for the glusterfs logs in /var/log/glusterfs
>>> is 600.
>>>
>>> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
>>> *-rw--- 1 root root0 Jan  3 20:21 cmd_history.log*
>>> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
>>> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
>>> *-rw--- 1 root root 2102 Jan  3 20:21 etc-glusterfs-glusterd.vol.log*
>>>
>>> Due to that non-root user is not able to access these logs files, could
>>> you please let me know how can I change these permission. So that non-root
>>> user can also access these log files.
>>>
>>> Regards,
>>> Abhishek Paliwal
>>>
>>
>>
>>
>> --
>>
>>
>>
>>
>> Regards
>> Abhishek Paliwal
>>
>


-- 




Regards
Abhishek Paliwal
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel

Re: [Gluster-devel] Permission for glusterfs logs.

2017-09-20 Thread ABHISHEK PALIWAL

I have modified the source code and its working fine but only below two
files permission is not getting change even after modification.

1. cli.log
2. file which contains the mounting information for "mount -t glusterfs"
command

On Wed, Sep 20, 2017 at 5:20 PM, Kaleb S. KEITHLEY 
wrote:

> On 09/18/2017 09:22 PM, ABHISHEK PALIWAL wrote:
> > Any suggestion would be appreciated...
> >
> > On Sep 18, 2017 15:05, "ABHISHEK PALIWAL"  > > wrote:
> >
> > Any quick suggestion.?
> >
> > On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL
> > > wrote:
> >
> > Hi Team,
> >
> > As you can see permission for the glusterfs logs in
> > /var/log/glusterfs is 600.
> >
> > drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> > *-rw--- 1 root root0 Jan  3 20:21 cmd_history.log*
> > drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> > drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> > *-rw--- 1 root root 2102 Jan  3 20:21
> > etc-glusterfs-glusterd.vol.log*
> >
> > Due to that non-root user is not able to access these logs
> > files, could you please let me know how can I change these
> > permission. So that non-root user can also access these log
> files.
> >
>
> There is no "quick fix."  Gluster creates the log files with 0600 — like
> nearly everything else in /var/log.
>
> The admin can chmod the files, but when the logs rotate the new log
> files will be 0600 again.
>
> You'd have to patch the source and rebuild to get different permission
> bits.
>
> You can probably do something with ACLs, but as above, when the logs
> rotate the new files won't have the ACLs.
>
>
>
> --
>
> Kaleb
>



-- 




Regards
Abhishek Paliwal
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel

Re: [Gluster-devel] Permission for glusterfs logs.

2017-09-20 Thread ABHISHEK PALIWAL

Any suggestion would be appreciated...

On Sep 18, 2017 15:05, "ABHISHEK PALIWAL"  wrote:

> Any quick suggestion.?
>
> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL  > wrote:
>
>> Hi Team,
>>
>> As you can see permission for the glusterfs logs in /var/log/glusterfs is
>> 600.
>>
>> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
>> *-rw--- 1 root root0 Jan  3 20:21 cmd_history.log*
>> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
>> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
>> *-rw--- 1 root root 2102 Jan  3 20:21 etc-glusterfs-glusterd.vol.log*
>>
>> Due to that non-root user is not able to access these logs files, could
>> you please let me know how can I change these permission. So that non-root
>> user can also access these log files.
>>
>> Regards,
>> Abhishek Paliwal
>>
>
>
>
> --
>
>
>
>
> Regards
> Abhishek Paliwal
>
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel

Re: [Gluster-devel] Permission for glusterfs logs.

2017-09-19 Thread ABHISHEK PALIWAL

Any quick suggestion.?

On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL 
wrote:

> Hi Team,
>
> As you can see permission for the glusterfs logs in /var/log/glusterfs is
> 600.
>
> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> *-rw--- 1 root root0 Jan  3 20:21 cmd_history.log*
> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> *-rw--- 1 root root 2102 Jan  3 20:21 etc-glusterfs-glusterd.vol.log*
>
> Due to that non-root user is not able to access these logs files, could
> you please let me know how can I change these permission. So that non-root
> user can also access these log files.
>
> Regards,
> Abhishek Paliwal
>



-- 




Regards
Abhishek Paliwal
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel

[Gluster-devel] Permission for glusterfs logs.

2017-09-19 Thread ABHISHEK PALIWAL

Hi Team,

As you can see permission for the glusterfs logs in /var/log/glusterfs is
600.

drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
*-rw--- 1 root root0 Jan  3 20:21 cmd_history.log*
drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
drwxr-xr-x 3 root root  100 Jan  3 20:21 .
*-rw--- 1 root root 2102 Jan  3 20:21 etc-glusterfs-glusterd.vol.log*

Due to that non-root user is not able to access these logs files, could you
please let me know how can I change these permission. So that non-root user
can also access these log files.

Regards,
Abhishek Paliwal
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel

Re: [Gluster-devel] Permission for glusterfs logs.

Re: [Gluster-devel] Permission for glusterfs logs.

Re: [Gluster-devel] Permission for glusterfs logs.

Re: [Gluster-devel] Permission for glusterfs logs.

Re: [Gluster-devel] Permission for glusterfs logs.

Re: [Gluster-devel] Permission for glusterfs logs.

Re: [Gluster-devel] Permission for glusterfs logs.

[Gluster-devel] Permission for glusterfs logs.

8 matches

Site Navigation

Mail list logo

Footer information