DAOS-18262 common: make sure DAOS file permissions are always 0XXY#17680
DAOS-18262 common: make sure DAOS file permissions are always 0XXY#17680
Conversation
At least: - 0660 for files - 0770 for directories. So daos_server group can access DAOS files. Signed-off-by: Jan Michalski <jan-marian.michalski@hpe.com>
|
Ticket title is 'dlck command seems to require sudo privileges. Also hit the DER_NOMEM (-1009) issue.' |
src/rdb/rdb.c
Outdated
| path, (unsigned char *)uuid, params->rcp_size, 0 /* data_sz */, 0 /* meta_sz */, | ||
| VOS_POF_SMALL | VOS_POF_EXCL | VOS_POF_RDB | VOS_POF_EXTERNAL_CHKPT, | ||
| params->rcp_vos_df_version, &pool); | ||
| (void)umask(stored_mask); |
There was a problem hiding this comment.
Would it be safer and more appropriate to do this in dss_vos_pool_create (actually why not in server_init or daos_engine's main) instead? Is rdb special in some way?
There was a problem hiding this comment.
The thing is you can put them in many different places and end up with the intended result. RDB turned out to be special because of the position I put other umask() calls so one rdb_create() call had been left unattended. But no more. I move this call a little higher up the stack so now it covers all necessary contexts. No special case for RDB. I hope you like this way. 🙂
There was a problem hiding this comment.
Thank you for responding. I'd think either one approaches the file permission problem from outside of daos_engine or even daos_server (for instance, is there any systemd setting?), or one does it in main once. It's especially concerning if one changes umask to a more permissive value (e.g., 0). That said, I've not investigated into umasks deeply myself.
There was a problem hiding this comment.
Since umask is per process, not per thread, changing and restoring it in target threads brings up potential questions on races among the threads---one might not want to get into such a situation.
| goto out; | ||
|
|
||
| rc = mkdir(tca->tca_newborn, 0700); | ||
| rc = mkdir(tca->tca_newborn, 0770); |
There was a problem hiding this comment.
| rc = mkdir(tca->tca_newborn, 0770); | |
| rc = mkdir(tca->tca_newborn, S_IRWXU | S_IRWXG); |
| const ( | ||
| aioBlockSize = humanize.KiByte * 4 // device block size hardcoded to 4096 bytes | ||
| defaultAioFileMode = 0600 // AIO file permissions set to owner +rw | ||
| defaultAioFileMode = 0660 // AIO file permissions set to owner +rw |
There was a problem hiding this comment.
| defaultAioFileMode = 0660 // AIO file permissions set to owner +rw | |
| defaultAioFileMode = 0660 // AIO file permissions set to owner and group +rw |
| goto out; | ||
| } | ||
| rc = mkdir(pool_newborns_path, 0700); | ||
| rc = mkdir(pool_newborns_path, 0770); |
There was a problem hiding this comment.
| rc = mkdir(pool_newborns_path, 0770); | |
| rc = mkdir(pool_newborns_path, S_IRWXU | S_IRWXG); |
|
|
||
| func createRaftDir(dbPath string) error { | ||
| if err := os.Mkdir(dbPath, 0700); err != nil && !os.IsExist(err) { | ||
| var perm os.FileMode = 0770 |
There was a problem hiding this comment.
Please be consistent: perms := os.FileMode(0775) was used above
| var perm os.FileMode = 0770 | |
| perms := os.FileMode(0770) |
Remove from tgt_create_preallocate() and rdb_create(). Add one in ds_mgmt_create_pool(). Signed-off-by: Jan Michalski <jan-marian.michalski@hpe.com>
|
Test stage Functional Hardware Medium MD on SSD completed with status UNSTABLE. https://jenkins-3.daos.hpc.amslabs.hpecorp.net/job/daos-stack/job/daos//view/change-requests/job/PR-17680/2/testReport/ |
| } | ||
|
|
||
| if err := p.sys.Mkdir(req.DataPath, 0755); err != nil { | ||
| if err := p.sys.Mkdir(req.DataPath, perms); err != nil { |
There was a problem hiding this comment.
Given we repeat this sequence it would be nice to have a helper that performs Mkdir+Chmod to avoid the specified problem where the permissions are reduced by the umask.
There was a problem hiding this comment.
Agreed with Tom. Such a function would belong in src/control/common/file_utils.go.
| static int | ||
| db_open_create(struct sys_db *db, bool try_create) | ||
| { | ||
| const mode_t db_dir_mode = 0770; |
There was a problem hiding this comment.
| const mode_t db_dir_mode = 0770; | |
| const mode_t db_dir_mode = S_IRWXU | S_IRWXG; |
| } | ||
|
|
||
| func (p *Provider) setupDataDir(req storage.MetadataFormatRequest) error { | ||
| perms := os.FileMode(0775) |
There was a problem hiding this comment.
Would it make sense to have a constant somewhere indicating these new default perms? Same question applies at the engine level.
If we define the permission values in a C header file for the engines, we can import it in our Go package lib/daos.
| } | ||
|
|
||
| if err := p.sys.Mkdir(req.DataPath, 0755); err != nil { | ||
| if err := p.sys.Mkdir(req.DataPath, perms); err != nil { |
There was a problem hiding this comment.
Agreed with Tom. Such a function would belong in src/control/common/file_utils.go.
|
|
||
| // Boltdb file permissions on create are set to 0600. | ||
| // The os.Chmod ensures the final permissions for both the user and their group are the same. | ||
| err = os.Chmod(dbCfg.DBFilePath(), 0660) |
There was a problem hiding this comment.
Given how many places this needs to be added, I'd suggest adding SetDefaultFilePerm and SetDefaultDirPerm functions to keep the specifics of these defaults all in one place.
6 participants
At least:
So daos_server group can access DAOS files.
Guide MD-on-PMEM
Guide MD-on-SSD
tree config/daos_control/ config/daos_control/ src/control/server/storage/metadata/provider.go:207 ├── control_raft src/control/system/raft/raft_recovery.go:93 │ ├── daos_system.db src/control/system/raft/raft.go:269 │ └── snapshots No change │ └── 2-39-1773083440395 │ ├── meta.json │ └── state.bin └── engine0 src/control/server/storage/metadata/provider.go:233 ├── daos_nvme.conf src/control/server/storage/bdev/backend_class.go:106 ├── daos_sys src/vos/sys_db.c:131 │ └── sys_db No change └── superblock src/control/common/file_utils.go:141,src/control/server/instance_superblock.go:208Steps for the author:
After all prior steps are complete: