[openstack-dev] [kolla] Kolla configuration files owner and permission
duonghq at vn.fujitsu.com
duonghq at vn.fujitsu.com
Tue Aug 23 08:04:19 UTC 2016
Hi S.Dake,
>> Hello Kollish,
>>
>> I am working on bp ansible-specific-task-become so I need community opinion about Kolla configuration files owner and permissions.
>>
>> For files in "/var/lib/kolla", it's quite clear that the owner should be 'root' as currently.
>>
>> For files in "/etc/kolla": After discussion with S.Dake on IRC, he recommends /etc/kolla is owned by root and all files in it is 660 (writable by a group).
>
> Just to add a bit of clarity, the rationale for this idea is that a group of operators could add themselves to the kolla group on all of the nodes and use their specific ssh keys to operate OpenStack. > This is why the group concept in unix was invented 50 odd years ago ;)
I just notice that if the directory has 660, so non-root user cannot access file in this folder. It seems conflict with group purpose.
Should it be 770 for folders?
> Regards
> -steve
Best regards,
duonghq
PODC - Fujitsu Vietnam Ltd.
More information about the OpenStack-dev
mailing list