Fog user rights
-
Silly question probably: should the fog user be in the sudoers file or have any rights besides general user? I have a new Ubuntu 14 setup with SVN and have noticed that rights to images and the snapins folders didn’t work right until I made fog the owner and chmod 777 both directories. I am having a few other issues that might be related.
-
Just to add a bit of correlation to your post.
I noticed this when I was working on a POC setup.
On my master fog server the files and folders under /images are owned by root.root with a file mode of 777 (I realize I may have done the mode 777 when trying to get the master node to work many months ago). I installed 1.2.0 on this and then upgraded to the latest trunk builds over the months.
On my storage node the replicator created the image files (same as on the master node) being owned by fog.fog with a mode of 755. The storage node was just set up with 1.2.0 and then immediately updated to the latest trunk build.
To answer your question about fog being a sudoer, from a security standpoint I would say no. This should remain a low level account.
-
Sudoers is not required, but if you want the fog user to be able to elevate rights you can add them.
-
What folders should I check rights on besides snapins and images? /opt/fog?
-
I think we need to get a bit of clarity from the Developers on this one.
On my main node the snapins folder is owned by fog.apache but on my storage node the snapins folder is owned by root.root.
As I posted below on my storage node the /images folder is owned by fog.fog and on my main node /images is owned by root.root.
There doesn’t seem to be any consistency between the user/group and a functioning system (so to speak). But since we are having this discussion something must be amiss here.
-
root:root is what most items are defaulted to, but fog:fog is technically the most correct. However, most of the file systems are set up with 777, with which the owner/group does not matter. The variance is because replication is using the fog user. The fog user cannot create files as the root user. So replication or anything handled by ftp will only be set to the person moving the files. In our default case, this is fog.
The local fog in opt fog snapins is installed with permissions of fog.apache just so the gui doesn’t have to ftp to itself and the web user can still interact with the files. Hopefully that makes sense.
-
We should write a script that sets all the permissions back to the defaults…
-
yes please
-
@Wayne-Workman said:
We should write a script that sets all the permissions back to the defaults…
That would be awesome.
-
I created this script from various install files:
https://github.com/AdmissionRegret/utils/blob/master/fog-resetpermissions.sh
wget https://raw.githubusercontent.com/AdmissionRegret/utils/master/fog-resetpermissions.sh
chmod +x fog-resetpermissions.sh
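-
A read-only audit of the inconsistency discussed in this thread (differing owner/group between nodes, mode 777 directories), added here as an example; it is not part of the thread and is not the linked fog-resetpermissions.sh. It assumes GNU stat and find; the default paths /images and /opt/fog/snapins and the account name fog are taken from the posts above and may differ on your install.

```shell
#!/bin/sh
# Added example: report ownership and mode of FOG data directories.
# It changes nothing; run it on each node and compare the output.
# Usage: sh fog-perm-audit.sh [dir ...]   (FOG_USER overrides the expected owner)

# Print "owner:group mode path" for one path (GNU stat format string).
describe() {
    stat -c '%U:%G %a %n' "$1"
}

# List files and directories under $1 that any local user can write to.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print
}

# List entries under $1 not owned by user $2 (name or numeric uid).
not_owned_by() {
    find "$1" -xdev ! -user "$2" -print
}

# Summarize one directory; exit status 0 only when nothing was flagged.
audit() {
    dir=$1
    user=$2
    echo "== $dir (expected owner: $user)"
    describe "$dir"
    ww=$(world_writable "$dir" | wc -l)
    other=$(not_owned_by "$dir" "$user" | wc -l)
    echo "world-writable entries: $ww"
    echo "entries not owned by $user: $other"
    [ "$ww" -eq 0 ] && [ "$other" -eq 0 ]
}

# Defaults are assumptions based on the directories named in the thread.
[ "$#" -gt 0 ] || set -- /images /opt/fog/snapins
for d in "$@"; do
    if [ -d "$d" ]; then
        audit "$d" "${FOG_USER:-fog}" || echo "-> review $d"
    else
        echo "skip $d (not a directory on this node)"
    fi
done
```

Running it on the main node and on each storage node gives a like-for-like listing to compare before anything is chowned or chmodded.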