Fog user rights


  • Testers

    Silly question probably, should the fog user be in the sudoers file or have any rights besides general user. I have a new Ubuntu 14 setup with SVN and have noticed that rights to images and the snapins folders didn’t work right until I made fog the owner and chmod 777 both directory’s I am having a few other issues that might be related.


  • Moderator

    I created this script from various install files:

    https://github.com/AdmissionRegret/utils/blob/master/fog-resetpermissions.sh

    wget https://raw.githubusercontent.com/AdmissionRegret/utils/master/fog-resetpermissions.sh
    chmod +x fog-resetpermissions.sh
    


  • @Wayne-Workman said:

    We should write a script that sets all the permissions back to the defaults…

    That would be awesome.


  • Testers

    yes please


  • Moderator

    We should write a script that sets all the permissions back to the defaults…


  • Senior Developer

    Root root is what most items are defaulted to, but fog:fog is technically the most correct. However, most of the file systems are setup with 777 which the owner group does not matter. The variance is because replication is using the fog user. The fog user cannot create files as the root user. So replication or anything handled by ftp will only be set to the person moving the files. In our default case, this is fog.

    The local fog in opt fog snapins is installed with permissions of fog.apache just so the gui doesn’t have to ftp to itself and the web user can still interact with the files. Hopefully that makes sense.


  • Moderator

    I think we need to get a bit of clarity from the Developers on this one.

    On my main node the snapins folder is owned by fog.apache but on my storage node the snapins folder is owned by root.root.

    As I posted below on my storage node the /images folder is owned by fog.fog and on my main node /images is owned by root.root.

    There doesn’t seem to be any consistency between the user /group and a functioning system (so to speak). But since we are having this discussion something must be amiss here.


  • Testers

    What folders should I check rights on besides snapins and images ? /opt/fog?


  • Senior Developer

    Sudoers is not required but if you want the fog user to be able elevate rights you can add them.


  • Moderator

    Just to add a bit of correlation to your post.

    I noticed this when I was working on a POC setup.

    On my master fog server the files and folders under /images are owned by root.root with a file mode of 777 (realize I may have done the mode 777 when trying to get the master node to work many months ago. I installed 1.2.0 on this and then upgraded to the latest trunk builds over the months.

    On my storage node the replicator created the image files (same as on the master node) being owned by fog.fog with a mode of 755. The storage node was just setup with 1.2.0 and then immediately updated to the latest trunk build.

    To answer your question about fog being a sudoer, from a security standpoint I would say no. This should remain a low level account.


Log in to reply
 

460
Online

39010
Users

10725
Topics

101895
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.