From: Stas O. <sta...@gm...> - 2010-07-06 10:26:54

Hi.

Are there any known issues for running MFS under root?

Regards.

From: Laurent W. <lw...@hy...> - 2010-07-06 12:43:40

On Tue, 6 Jul 2010 13:26:26 +0300
Stas Oskin <sta...@gm...> wrote:

> Hi.
>
> Are there any known issues for running MFS under root?

From a security point of view, do not ever do that if you can avoid it, which is the case for every moosefs server.
The cgi server does not have (yet ?) a config file to allow you to specify which user you want to run the server with, but it runs fine being launched by any regular user, as the port by default it uses (9425) is unprivileged.
Apart from that, I can't see any reason why you couldn't run it as root. Just don't forget it is a BAD, BAD idea™.
--
Laurent Wandrebeck
HYGEOS, Earth Observation Department / Observation de la Terre
Euratechnologies
165 Avenue de Bretagne
59000 Lille, France
tel: +33 3 20 08 24 98
http://www.hygeos.com
GPG fingerprint/Empreinte GPG: F5CA 37A4 6D03 A90C 7A1D 2A62 54E6 EF2C D17C F64C

From: Laurent W. <lw...@hy...> - 2010-07-06 13:23:09

On Tue, 6 Jul 2010 15:30:06 +0300
Stas Oskin <sta...@gm...> wrote:

Don't forget the list™, grmbl :)

> > From a security point of view, do not ever do that if you can avoid it,
> > which is the case for every moosefs server.
> >
>
> It's clear, I'm just using in testing environment I wanted just to run it
> quickly.

you just need to put a value in line WORKING_USER = of the config file.
Difficult to make it quicker, isn't it ? :)

>
> By the way, can the MFS really run well under the nobody account?

Don't know, I only tested under a regular user. Try and tell us ? :)

> Just an advice, it's worth adding the rights setting for metadata folders in
> the RPM you made.

It seems difficult to me, as user it runs with is configurable. Or did I misunderstand your point ?

> The storage folders on chunkservers could be set manually later.
>
>
> > The cgi server does not have (yet ?) a config file to allow you to
> > specify which user you want to run the server with, but it runs fine
> > being launched by any regular user, as the port by default it uses
> > (9425) is unprivileged.
> >
>
> Speaking of, how are you running the CGI?
> I've routed it through Lighttpd CGI interface, perhaps there is another way?

you can just run /usr/sbin/mfscgiserv

Regards,
--
Laurent Wandrebeck
HYGEOS, Earth Observation Department / Observation de la Terre
Euratechnologies
165 Avenue de Bretagne
59000 Lille, France
tel: +33 3 20 08 24 98
http://www.hygeos.com
GPG fingerprint/Empreinte GPG: F5CA 37A4 6D03 A90C 7A1D 2A62 54E6 EF2C D17C F64C

From: Michał B. <mic...@ge...> - 2010-07-07 10:50:12

Hi!

Generally speaking, MooseFS should not be run as a user nobody. If user nobody has some other services running and if somebody gets control over one service, it can interfere with other services run on the same user. We recommend just creating a user mfs and a group mfs.

Regards
Michał

> -----Original Message-----
> From: Laurent Wandrebeck [mailto:lw...@hy...]
> Sent: Tuesday, July 06, 2010 3:23 PM
> To: Stas Oskin; moo...@li...
> Subject: Re: [Moosefs-users] Caveats to running MFS under root
>
> On Tue, 6 Jul 2010 15:30:06 +0300
> Stas Oskin <sta...@gm...> wrote:
>
> Don't forget the list™, grmbl :)
> > > From a security point of view, do not ever do that if you can avoid
> > > it, which is the case for every moosefs server.
> > >
> >
> > It's clear, I'm just using in testing environment I wanted just to run
> > it quickly.
> you just need to put a value in line WORKING_USER = of the config file.
> Difficult to make it quicker, isn't it ? :)
> >
> > By the way, can the MFS really run well under the nobody account?
> Don't know, I only tested under a regular user. Try and tell us ? :)
> > Just an advice, it's worth adding the rights setting for metadata
> > folders in the RPM you made.
> It seems difficult to me, as user it runs with is configurable. Or did I
> misunderstand your point ?
> > The storage folders on chunkservers could be set manually later.
> >
> >
> > > The cgi server does not have (yet ?) a config file to allow you to
> > > specify which user you want to run the server with, but it runs fine
> > > being launched by any regular user, as the port by default it uses
> > > (9425) is unprivileged.
> > >
> >
> > Speaking of, how are you running the CGI?
> > I've routed it through Lighttpd CGI interface, perhaps there is another way?
> you can just run /usr/sbin/mfscgiserv
> Regards,
> --
> Laurent Wandrebeck
> HYGEOS, Earth Observation Department / Observation de la Terre
> Euratechnologies
> 165 Avenue de Bretagne
> 59000 Lille, France
> tel: +33 3 20 08 24 98
> http://www.hygeos.com
> GPG fingerprint/Empreinte GPG: F5CA 37A4 6D03 A90C 7A1D 2A62 54E6 EF2C D17C
> F64C

From: Stas O. <sta...@gm...> - 2010-07-08 18:51:51

Sorry, forwarding to list as well.

---------- Forwarded message ----------

Hi.

> Generally speaking, MooseFS should not be run as a user nobody. If user
> nobody has some other services running and if somebody gets control over
> one service, it can interfere with other services run on the same user. We
> recommend just creating a user mfs and a group mfs.
>

This makes sense.

Laurent, that should be a good addition to that RPM ;).

Maybe we also should consider placing a script, which would assign proper permissions to selected data folders.

The master and logger can actually pre-format and use the /var/mfs directory they are using today.

Regards.

From: Laurent W. <lw...@hy...> - 2010-07-09 08:27:44

On Thu, 8 Jul 2010 21:51:23 +0300
Stas Oskin <sta...@gm...> wrote:

> Sorry, forwarding to list as well.
>
> ---------- Forwarded message ----------
> Hi.
>
> > Generally speaking, MooseFS should not be run as a user nobody. If user
> > nobody has some other services running and if somebody gets control over
> > one service, it can interfere with other services run on the same user. We
> > recommend just creating a user mfs and a group mfs.
> >
>
> This makes sense.
>
> Laurent, that should be a good addition to that RPM ;).

I need to take a look at how RPM handles user creation. I don't know how it acts when auth deals with nis/ldap/whatever. Added on my TODO list, as well as the log replay on startup, if Michal confirms it's a good idea.

>
> Maybe we also should consider placing a script, which would assign proper
> permissions to selected data folders.

As told in a previous mail, problem is DATA_PATH is configurable after installation.

Regards,
--
Laurent Wandrebeck
HYGEOS, Earth Observation Department / Observation de la Terre
Euratechnologies
165 Avenue de Bretagne
59000 Lille, France
tel: +33 3 20 08 24 98
http://www.hygeos.com
GPG fingerprint/Empreinte GPG: F5CA 37A4 6D03 A90C 7A1D 2A62 54E6 EF2C D17C F64C

From: Stas O. <sta...@gm...> - 2010-07-08 18:53:32

.

> It seems difficult to me, as user it runs with is configurable. Or did
> I misunderstand your point ?
>

I meant the /var/mfs folder for master and logger, which is a good location and can be prepared in advance.

> you can just run /usr/sbin/mfscgiserv
>

That worked great - much faster than lighttpd.

From: Laurent W. <lw...@hy...> - 2010-07-09 08:20:08

On Thu, 8 Jul 2010 21:53:04 +0300
Stas Oskin <sta...@gm...> wrote:

> .
>
> > It seems difficult to me, as user it runs with is configurable. Or did
> > I misunderstand your point ?
> >
>
> I meant the /var/mfs folder for master and logger, which is a good location
> and can be prepared in advance.

It can't either, as you can also configure DATA_PATH in master and metalogger.
--
Laurent Wandrebeck
HYGEOS, Earth Observation Department / Observation de la Terre
Euratechnologies
165 Avenue de Bretagne
59000 Lille, France
tel: +33 3 20 08 24 98
http://www.hygeos.com
GPG fingerprint/Empreinte GPG: F5CA 37A4 6D03 A90C 7A1D 2A62 54E6 EF2C D17C F64C
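
The thread's open point is that a package cannot fix permissions in advance because WORKING_USER and DATA_PATH are set after installation. The script below is an added example, not code from any poster or from the MooseFS project: it reads those two keys from a config file at run time and checks the account and the data directory. The function names and the policy of rejecting root, nobody and an unset user are this example's assumptions, taken from the advice given above.

```shell
#!/bin/sh
# Added example: audit a MooseFS-style config for the issues discussed in
# the thread. Only the WORKING_USER and DATA_PATH keys are read.

# cfg_get FILE KEY -> value of the last uncommented "KEY = value" line
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# user_ok USER -> 0 only for a dedicated account (this example's policy)
user_ok() {
    case "$1" in
        ""|root|nobody) return 1 ;;
        *) return 0 ;;
    esac
}

# dir_ok DIR USER -> 0 if DIR exists, is owned by USER, is not world-writable
dir_ok() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ] || return 1
    [ -z "$(find "$1" -prune -perm -0002)" ] || return 1
}

# audit_mfs_cfg FILE -> prints findings, returns 0 only if all checks pass
audit_mfs_cfg() {
    cfg=$1 rc=0
    user=$(cfg_get "$cfg" WORKING_USER)
    data=$(cfg_get "$cfg" DATA_PATH)
    if ! user_ok "$user"; then
        echo "FAIL: WORKING_USER='$user' (want a dedicated account such as mfs)"
        rc=1
    fi
    if [ -z "$data" ]; then
        echo "FAIL: DATA_PATH is not set in $cfg"
        rc=1
    elif ! dir_ok "$data" "$user"; then
        echo "FAIL: $data must be owned by '$user' and not world-writable"
        echo "      fix: chown -R $user $data && chmod o-w $data"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cfg"
    return "$rc"
}

# Usage: sh audit.sh /path/to/config (path supplied by the operator)
if [ "$#" -gt 0 ]; then audit_mfs_cfg "$1"; fi
```

Run it once per daemon config after any change to WORKING_USER or DATA_PATH; it only reports and leaves the chown/chmod to the operator.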