Author Topic: centralized logs and nfs  (Read 2448 times)

Achilles

  • Sr. Member
  • ****
  • Posts: 25
centralized logs and nfs
« on: July 29, 2010, 01:25:33 PM »
hi

i've read the post about centralizing config, logs etc.

the logs part has some pitfall: we are on Linux/NFS and for security reasons root access over NFS is not allowed.

Is there a way to start the daemons as the proxy user ?

- Thomas

jburk

  • Administrator
  • *****
  • Posts: 479
Re: centralized logs and nfs
« Reply #1 on: July 29, 2010, 05:51:57 PM »
This is a common scenario.  The solution is to make the log directories 777, read/write to all users.

This is necessary even if root was allowed to traverse the nfs mount ("no root squash" nfs option set), since the jobs themselves usually run as the job's user, which means that any user who runs jobs needs to be able to write to the log directories.

shinya

  • Administrator
  • *****
  • Posts: 224
Re: centralized logs and nfs
« Reply #2 on: July 29, 2010, 05:55:08 PM »
Hi Thomas,

Currently, the running the daemons as a non-root user would probably cause
it to not worker properly.

Having said that, the jobs themselves are run suid as the owner of the
job in user execution mode, or as the "qubeproxy" user in proxy mode (default),
so the job logs are written as those users as well, not root (unless, of course,
you submit jobs as root in user mode, which is probably not a good idea in
your case).

Does that help?

-shinya.