Feature #9133

create ceph user/group; run daemons as ceph (non-root)

Added by Sage Weil about 8 years ago. Updated over 4 years ago.

Target version:
% Done:


Affected Versions:
Pull request ID:


this will involve lots of updates to packaging.


#1 Updated by S├ębastien Han about 8 years ago

Indeed a lot of packaging updates and probably many difficulties to properly upgrade daemons :/

Anyone working on that yet?

#2 Updated by Sage Weil almost 8 years ago

  • Priority changed from Normal to High

#3 Updated by Danny Al-Gaaf over 7 years ago

@Sebastien: I plan to work on this issue (if nobody is currently working on this one) since it's related to my blueprint:

#4 Updated by Danny Al-Gaaf over 7 years ago

  • Assignee set to Danny Al-Gaaf

#5 Updated by Vasu Kulkarni over 7 years ago

We should also change the references in the document that tell to create "ceph" user using ceph-deploy

#6 Updated by Ken Dreyer over 7 years ago

  • Status changed from New to In Progress

The wip-user branch in GitHub has the work done so far. See also

#7 Updated by Sage Weil over 7 years ago

  • Target version set to v9.0.2

#8 Updated by Ken Dreyer over 7 years ago

Fedora BZ for uid/gid numbers:

#9 Updated by Vladislav Odintsov over 6 years ago

@S├ębastien, @Danny, what do you think about radosgw daemon? It still runs as root.
I've got my own draft for switching to non-root user for RGW:

I think, RGW should use its own user, for instance, radosgw, because ceph user has raw access to filesystem and RGW doesn't need it.

I suggest:
1. On package installation: check if radosgw user exists and create it in ceph group in case of absence.
2. On package removal: try to remove radosgw user.
3. Change DEFAULT_USER in RGW initscript to radosgw

What do you think about it? Should I change something and pull request, or somebody already did this better, and I just haven't found it?
Also these scripts should be added to deb post and pre scripts, but it was not a goal for me.

#10 Updated by Sage Weil over 4 years ago

  • Status changed from In Progress to Rejected

Also available in: Atom PDF