[collectd] rrdcached plugin: Problems with file permissions
Thomas D.
whissi at whissi.de
Sun Oct 4 16:17:53 CEST 2015
Hi,
Giovanni Torres wrote:
> A recursive setfacl on /srv/rrdcached/data might work, something like:
>
> setfacl -R -m d:u:collectd:rwX /srv/rrdcached/data
I thought about using ACLs, too, but it doesn't work due to effective
permission ignoring the set mask [1]:

# file: data/test1.example.org/load/
# owner: collectd
# group: rrdcached
# flags: -s-
user::rwx
group::rwx
group:collectd:rwx
group:rrdcached:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:collectd:rwx
default:group:rrdcached:rwx
default:mask::rwx
default:other::---

# file: data/test1.example.org/load/load.rrd
# owner: collectd
# group: rrdcached
user::rw-
group::rwx #effective:r--
group:collectd:rwx #effective:r--
group:rrdcached:rwx #effective:r--
mask::r--
other::r--

To be honest I don't understand why this applies to collectd (must be
the way collectd is creating the file) but in general this should work:

$ touch data/test1.example.org/foo
$ getfacl data/test1.example.org/foo
# file: data/test1.example.org/foo
# owner: root
# group: rrdcached
user::rw-
group::rwx #effective:rw-
group:collectd:rwx #effective:rw-
group:rrdcached:rwx #effective:rw-
mask::rw-
other::---

In this case, "foo" could be updated.

[1] http://michael.orlitzky.com/articles/problems_with_posix_acls_and_common_utilities.php

-Thomas
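
Added example, not part of the original message: a small checker that reads getfacl output such as the listings above and applies the access check order from acl(5), so the effect of `mask::r--` on a given account can be tested across many .rrd files. The function names `parse_getfacl` and `allowed` are hypothetical, the sample is the load.rrd listing from the message, and a daemon user `rrdcached` in group `rrdcached` is an assumption.

```python
import re

# Sample input: the getfacl listing for load.rrd quoted in the message.
LOAD_RRD = """\
# file: data/test1.example.org/load/load.rrd
# owner: collectd
# group: rrdcached
user::rw-
group::rwx #effective:r--
group:collectd:rwx #effective:r--
group:rrdcached:rwx #effective:r--
mask::r--
other::r--
"""

def parse_getfacl(text):
    """Return (owner, group, entries) for one file's access ACL."""
    meta, entries = {}, []
    for line in text.splitlines():
        m = re.match(r"#\s*(owner|group):\s*(\S+)", line)
        if m:
            meta[m.group(1)] = m.group(2)
            continue
        line = line.split("#", 1)[0].strip()    # drop "#effective:" comments
        if not line or line.startswith("default:"):
            continue                            # default entries only affect new files
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return meta.get("owner"), meta.get("group"), entries

def allowed(text, user, groups, want="w"):
    """Access check order from acl(5): owner, named user, group class, other."""
    owner, group, entries = parse_getfacl(text)
    find = lambda tag, q="": [p for t, qq, p in entries if t == tag and qq == q]
    mask = (find("mask") or [set("rwx")])[0]    # no mask entry: nothing is capped
    if user == owner:
        return want in find("user")[0]          # owner entry is never masked
    if find("user", user):
        return want in (find("user", user)[0] & mask)
    matched = [p for t, q, p in entries if t == "group"
               and (q or group) in groups]
    if matched:                                 # any matching group entry may grant
        return any(want in (p & mask) for p in matched)
    return want in find("other")[0]
```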