Gluster users - Sep 2017 - Permission for glusterfs logs.

Any suggestion would be appreciated...

On Sep 18, 2017 15:05, "ABHISHEK PALIWAL" <abhishpaliwal at
gmail.com> wrote:
> Any quick suggestion.....?
>
> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL <abhishpaliwal at
gmail.com
> > wrote:
>
>> Hi Team,
>>
>> As you can see permission for the glusterfs logs in /var/log/glusterfs
is
>> 600.
>>
>> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
>> *-rw------- 1 root root    0 Jan  3 20:21 cmd_history.log*
>> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
>> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
>> *-rw------- 1 root root 2102 Jan  3 20:21
etc-glusterfs-glusterd.vol.log*
>>
>> Due to that non-root user is not able to access these logs files, could
>> you please let me know how can I change these permission. So that
non-root
>> user can also access these log files.
>>
>> Regards,
>> Abhishek Paliwal
>>
>
>
>
> --
>
>
>
>
> Regards
> Abhishek Paliwal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.gluster.org/pipermail/gluster-users/attachments/20170919/f8d2a78a/attachment.html>

Hi Team,

I did some modification in glusterfs code and now able to modify the
permission of maximum of files.

But still 2 file's permission in 0600

1. cli.log
2. file which contains the mounting information for "mount -t
glusterfs"
command

I will really appreciate, if some can point light on this area. Also is
there any side effect of changing these permissions apart from other user
can access these.

Regards,
Abhishek

On Tue, Sep 19, 2017 at 6:52 AM, ABHISHEK PALIWAL <abhishpaliwal at
gmail.com>
wrote:
> Any suggestion would be appreciated...
>
> On Sep 18, 2017 15:05, "ABHISHEK PALIWAL" <abhishpaliwal at
gmail.com> wrote:
>
>> Any quick suggestion.....?
>>
>> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL <
>> abhishpaliwal at gmail.com> wrote:
>>
>>> Hi Team,
>>>
>>> As you can see permission for the glusterfs logs in
/var/log/glusterfs
>>> is 600.
>>>
>>> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
>>> *-rw------- 1 root root    0 Jan  3 20:21 cmd_history.log*
>>> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
>>> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
>>> *-rw------- 1 root root 2102 Jan  3 20:21
etc-glusterfs-glusterd.vol.log*
>>>
>>> Due to that non-root user is not able to access these logs files,
could
>>> you please let me know how can I change these permission. So that
non-root
>>> user can also access these log files.
>>>
>>> Regards,
>>> Abhishek Paliwal
>>>
>>
>>
>>
>> --
>>
>>
>>
>>
>> Regards
>> Abhishek Paliwal
>>
>

-- 




Regards
Abhishek Paliwal
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.gluster.org/pipermail/gluster-users/attachments/20170920/dfeb7767/attachment.html>

On 09/18/2017 09:22 PM, ABHISHEK PALIWAL wrote:
> Any suggestion would be appreciated...
> 
> On Sep 18, 2017 15:05, "ABHISHEK PALIWAL" <abhishpaliwal at
gmail.com
> <mailto:abhishpaliwal at gmail.com>> wrote:
> 
>     Any quick suggestion.....?
> 
>     On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL
>     <abhishpaliwal at gmail.com <mailto:abhishpaliwal at
gmail.com>> wrote:
> 
>         Hi Team,
> 
>         As you can see permission for the glusterfs logs in
>         /var/log/glusterfs is 600.
> 
>         drwxr-xr-x 3 root root? 140 Jan? 1 00:00 ..
>         *-rw------- 1 root root??? 0 Jan? 3 20:21 cmd_history.log*
>         drwxr-xr-x 2 root root?? 40 Jan? 3 20:21 bricks
>         drwxr-xr-x 3 root root? 100 Jan? 3 20:21 .
>         *-rw------- 1 root root 2102 Jan? 3 20:21
>         etc-glusterfs-glusterd.vol.log*
> 
>         Due to that non-root user is not able to access these logs
>         files, could you please let me know how can I change these
>         permission. So that non-root user can also access these log files.
>
There is no "quick fix."  Gluster creates the log files with 0600 ?
like
nearly everything else in /var/log.

The admin can chmod the files, but when the logs rotate the new log
files will be 0600 again.

You'd have to patch the source and rebuild to get different permission bits.

You can probably do something with ACLs, but as above, when the logs
rotate the new files won't have the ACLs.



-- 

Kaleb

Wouldn't a simple chmod 644 logfile suffice? This will give read
permissions to all.

Otherwise you could change the group ownership (chgroup), give read
permissuons to this group (640) then make the users a member of this group.

Alex


On Sep 20, 2017 2:37 PM, "ABHISHEK PALIWAL" <abhishpaliwal at
gmail.com> wrote:

Any suggestion would be appreciated...

On Sep 18, 2017 15:05, "ABHISHEK PALIWAL" <abhishpaliwal at
gmail.com> wrote:
> Any quick suggestion.....?
>
> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL <abhishpaliwal at
gmail.com
> > wrote:
>
>> Hi Team,
>>
>> As you can see permission for the glusterfs logs in /var/log/glusterfs
is
>> 600.
>>
>> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
>> *-rw------- 1 root root    0 Jan  3 20:21 cmd_history.log*
>> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
>> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
>> *-rw------- 1 root root 2102 Jan  3 20:21
etc-glusterfs-glusterd.vol.log*
>>
>> Due to that non-root user is not able to access these logs files, could
>> you please let me know how can I change these permission. So that
non-root
>> user can also access these log files.
>>
>> Regards,
>> Abhishek Paliwal
>>
>
>
>
> --
>
>
>
>
> Regards
> Abhishek Paliwal
>
_______________________________________________
Gluster-users mailing list
Gluster-users at gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.gluster.org/pipermail/gluster-users/attachments/20170920/30d176fb/attachment.html>

On Wed, Sep 20, 2017 at 04:38:51PM +0530, ABHISHEK PALIWAL
wrote:
> Hi Team,
> 
> I did some modification in glusterfs code and now able to modify the
> permission of maximum of files.
> 
> But still 2 file's permission in 0600
> 
> 1. cli.log
> 2. file which contains the mounting information for "mount -t
glusterfs"
> command
> 
> I will really appreciate, if some can point light on this area. Also is
> there any side effect of changing these permissions apart from other user
> can access these.
Certain actions may result in filenames being logged. It may not be
appropriate to have all users know what files other users have access
to.

In an other reply, I explained how ACLs may help with this. Most
environments will have a sysadmin group that can be allowed to read the
log files without compromising too much on the confidentiality.

Changing the source code is almost always the wrong approach. It will
make it difficult for you to update to a newer version. If changes are
needed, you probably should look into sending patches that include a
configuration or commandline option to adjust log-create permissions.

Niels

> 
> Regards,
> Abhishek
> 
> On Tue, Sep 19, 2017 at 6:52 AM, ABHISHEK PALIWAL <abhishpaliwal at
gmail.com>
> wrote:
> 
> > Any suggestion would be appreciated...
> >
> > On Sep 18, 2017 15:05, "ABHISHEK PALIWAL" <abhishpaliwal
at gmail.com> wrote:
> >
> >> Any quick suggestion.....?
> >>
> >> On Mon, Sep 18, 2017 at 1:50 PM, ABHISHEK PALIWAL <
> >> abhishpaliwal at gmail.com> wrote:
> >>
> >>> Hi Team,
> >>>
> >>> As you can see permission for the glusterfs logs in
/var/log/glusterfs
> >>> is 600.
> >>>
> >>> drwxr-xr-x 3 root root  140 Jan  1 00:00 ..
> >>> *-rw------- 1 root root    0 Jan  3 20:21 cmd_history.log*
> >>> drwxr-xr-x 2 root root   40 Jan  3 20:21 bricks
> >>> drwxr-xr-x 3 root root  100 Jan  3 20:21 .
> >>> *-rw------- 1 root root 2102 Jan  3 20:21
etc-glusterfs-glusterd.vol.log*
> >>>
> >>> Due to that non-root user is not able to access these logs
files, could
> >>> you please let me know how can I change these permission. So
that non-root
> >>> user can also access these log files.
> >>>
> >>> Regards,
> >>> Abhishek Paliwal
> >>>
> >>
> >>
> >>
> >> --
> >>
> >>
> >>
> >>
> >> Regards
> >> Abhishek Paliwal
> >>
> >
> 
> 
> -- 
> 
> 
> 
> 
> Regards
> Abhishek Paliwal
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at gluster.org
> http://lists.gluster.org/mailman/listinfo/gluster-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL:
<http://lists.gluster.org/pipermail/gluster-users/attachments/20170922/44a9fde9/attachment.sig>