Ceph

I think we need the equivalent of

https://github.com/ceph/ceph/blob/master/debian/ceph-common.postinst#L67-L86

RPM does fix the file/dir ownership on upgrade. What happens here is that these files are managed by systemd and systemd will fix up the permissions to root/root -- it is running as root, it is managing the pid files and with systemd, the (/var)/run directory is a mounted tmpfs so no chmod/chown in post script will make the files owned by ceph forever.

I suppose we could try to not own (nor create) the file if we do a systemd build, though as it is fairly pointless to own the file/dir on systemd-enabled machines where the pid files are managed by systemd itself.

btw: I believe the ownership/permissions of these files should be tunable in the systemd unit files.

Boris Ranto wrote:

RPM does fix the file/dir ownership on upgrade. What happens here is that these files are managed by systemd and systemd will fix up the permissions to root/root -- it is running as root, it is managing the pid files and with systemd, the (/var)/run directory is a mounted tmpfs so no chmod/chown in post script will make the files owned by ceph forever.

I suppose we could try to not own (nor create) the file if we do a systemd build, though as it is fairly pointless to own the file/dir on systemd-enabled machines where the pid files are managed by systemd itself.

btw: I believe the ownership/permissions of these files should be tunable in the systemd unit files.

Isn't this waht the tmpfiles.d file controls?

https://github.com/ceph/ceph/blob/master/systemd/ceph.tmpfiles.d

I think the problem is that for a new install systemd-tmpfiles creates it correctly, but for an upgrade the existing dir isn't fixed...?