Asfixownership does not change permissions of usr dir recursively (AER-3572)

We have a configuration where we do not want asd to run under user root. We have modified the aerospike.conf file with the corresponding user/group stanzas (user rc, group rc) and run sudo asfixownership -y -c /etc/aerospike/aerospike.conf after installing the server.

$ sudo asfixownership -y -c /etc/aerospike/aerospike.conf
Ownership changed of /var/log/aerospike/aerospike.log to user rc group rc
Ownership changed of /var/log/aerospike to user rc group rc
Ownership changed of /opt/aerospike/data/ns.dat to user rc group rc
Ownership changed of /opt/aerospike/data to user rc group rc
Ownership changed of /opt/aerospike/usr to user rc group rc
Ownership changed of /opt/aerospike/smd to user rc group rc
Ownership changed of /var/run/aerospike/asd.pid to user rc group rc
Ownership changed of /var/run/aerospike to user rc group rc
Shared memory used by aerospike deleted
INFO: Successful execution of fixownership script finished

If we now register a UDF, AQL shows the module registered:

$ aql -c 'show modules'
+---------------------------+---------------+-------+
| hash                      | module        | type  |
+---------------------------+---------------+-------+
| "e4a269c7564981b7b4f8psm" | "avn-psm.lua" | "lua" |
+---------------------------+---------------+-------+
1 row in set (0.001 secs)

Executing our UDF fails with AEROSPIKE_ERR_SERVER : "UDF: Execution Error 1". Checking the UDF user directory shows the file doesn’t exist:

$ ls -l /opt/aerospike/usr/udf/lua/
total 0

Checking permissions shows the ownership is still set to the aerospike user & group:

$ ls -l /opt/aerospike/usr
total 4
drwxr-xr-x. 3 aerospike aerospike 4096 Apr 21 11:27 udf

Can the asfixownership script be changed to change these permissions recursively?

Also, if the asfixownership script is run before asd is run for the first time, it will throw errors about nonexistent files:

Error: /var/log/aerospike/aerospike.log No such file or directory
/var/log/aerospike/aerospike.log doesn't exist;Do you want to continue?(y):y
...
change ownership of /var/run/aerospike/asd.pid to user rc group rc (y):y
Error: /var/run/aerospike/asd.pid No such file or directory

While this is not a problem, it sets off triggers in our scripts because of the errors.
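A recursive ownership audit for the situation described in the post above, as an added example that is not part of the original post and is not Aerospike's own tooling. It assumes GNU find and stat, and that the first `user` and `group` lines in aerospike.conf are the ones the server runs under; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): list every file or directory below the
# given paths that is NOT owned by the user/group configured for asd.
# Assumes GNU find/stat (Linux). Function names are hypothetical.

# conf_value KEY FILE: print the value of the first "KEY value" line.
# Commented-out lines are skipped because their first field is "#".
conf_value() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# audit_ownership USER GROUP PATH...
# Prints "owner:group path" for each mismatching entry, recursively.
# A path that does not exist yet (asd never started) is reported as
# "absent" and is not counted as a mismatch.
# Returns 0 when everything matches, 1 when at least one entry differs.
audit_ownership() {
    want="$1:$2"; shift 2
    bad=0
    for root in "$@"; do
        if [ ! -e "$root" ]; then
            echo "absent $root"
            continue
        fi
        out=$(find "$root" -exec stat -c '%U:%G %n' {} + |
              awk -v w="$want" '$1 != w')
        if [ -n "$out" ]; then
            echo "$out"
            bad=1
        fi
    done
    return "$bad"
}

# Usage (paths taken from the asfixownership output in the post):
#   sh audit.sh /etc/aerospike/aerospike.conf /opt/aerospike/usr \
#      /opt/aerospike/smd /opt/aerospike/data /var/log/aerospike /var/run/aerospike
if [ "$#" -ge 2 ]; then
    conf="$1"; shift
    audit_ownership "$(conf_value user "$conf")" \
                    "$(conf_value group "$conf")" "$@"
fi
```

Run against the state shown in the post, this would list `/opt/aerospike/usr/udf` with `aerospike:aerospike`, which is the entry the non-recursive ownership change left behind.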

Thanks for reporting this. Will definitely file a ticket and try to prioritize this.

Just to confirm, you were now OK after manually fixing those permission issues?

Hi Meher,

Yes, we were able to work around it for now.

Thanks for confirming. Jira has been filed to follow up on this (AER-3572, just for reference if you need to inquire later).
