1217817 – [RFE] Run ceph daemons as ceph user/group

Bug 1217817 - [RFE] Run ceph daemons as ceph user/group

Summary: [RFE] Run ceph daemons as ceph user/group

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RADOS
Sub Component:
Version:	1.2.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	2.0
Assignee:	Ken Dreyer (Red Hat)
QA Contact:	shylesh
Docs Contact:	Bara Ancincova
URL:
Whiteboard:
Duplicates (1):	1217859 (view as bug list)
Depends On:	1220846 1221042 1221043
Blocks:	1322504
TreeView+	depends on / blocked

Reported:	2015-05-01 18:38 UTC by Sage Weil
Modified:	2022-02-21 18:34 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	.Ceph daemons now run as the `ceph` user and group With this release, Ceph daemons, such as `ceph-osd` or `ceph-mon`, no longer run as `root` but run as the `ceph` user that belongs to the `ceph` group. This change improves security of the Ceph cluster.
Clone Of:
Environment:
Last Closed:	2016-08-23 19:25:42 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	9133	None	None	None	Never
Red Hat Issue Tracker	RHCEPH-3478	None	None	None	2022-02-21 18:34:37 UTC
Red Hat Knowledge Base (Solution)	2909121	None	None	None	2017-02-06 22:38:44 UTC
Red Hat Product Errata	RHBA-2016:1755	normal	SHIPPED_LIVE	Red Hat Ceph Storage 2.0 bug fix and enhancement update	2016-08-23 23:23:52 UTC

Description Sage Weil 2015-05-01 18:38:24 UTC

Description of problem:

Daemons run as root, which is not a good practice for security.

Expected results:

Run as user ceph and group ceph.


Additional info:

Comment 2 Neil Levine 2015-05-01 23:34:31 UTC

*** Bug 1217859 has been marked as a duplicate of this bug. ***

Comment 3 Ken Dreyer (Red Hat) 2016-02-29 16:02:54 UTC

This will be in RHCS 2 (it has been upstream since Infernalis).

Comment 9 errata-xmlrpc 2016-08-23 19:25:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1755

Note You need to log in before you can comment on or make changes to this bug.