Bug 1217817 - [RFE] Run ceph daemons as ceph user/group
Summary: [RFE] Run ceph daemons as ceph user/group
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: RADOS
Version: 1.2.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 2.0
Assignee: Ken Dreyer (Red Hat)
QA Contact: shylesh
Bara Ancincova
URL:
Whiteboard:
: 1217859 (view as bug list)
Depends On: 1220846 1221042 1221043
Blocks: 1322504
TreeView+ depends on / blocked
 
Reported: 2015-05-01 18:38 UTC by Sage Weil
Modified: 2017-07-30 15:11 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
.Ceph daemons now run as the `ceph` user and group With this release, Ceph daemons, such as `ceph-osd` or `ceph-mon`, no longer run as `root` but run as the `ceph` user that belongs to the `ceph` group. This change improves security of the Ceph cluster.
Clone Of:
Environment:
Last Closed: 2016-08-23 19:25:42 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Ceph Project Bug Tracker 9133 None None None Never
Red Hat Knowledge Base (Solution) 2909121 None None None 2017-02-06 22:38:44 UTC
Red Hat Product Errata RHBA-2016:1755 normal SHIPPED_LIVE Red Hat Ceph Storage 2.0 bug fix and enhancement update 2016-08-23 23:23:52 UTC

Description Sage Weil 2015-05-01 18:38:24 UTC
Description of problem:

Daemons run as root, which is not a good practice for security.

Expected results:

Run as user ceph and group ceph.


Additional info:

Comment 2 Neil Levine 2015-05-01 23:34:31 UTC
*** Bug 1217859 has been marked as a duplicate of this bug. ***

Comment 3 Ken Dreyer (Red Hat) 2016-02-29 16:02:54 UTC
This will be in RHCS 2 (it has been upstream since Infernalis).

Comment 9 errata-xmlrpc 2016-08-23 19:25:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1755


Note You need to log in before you can comment on or make changes to this bug.