Skip to content

DAOS-18324 common: create files as 0660 instead of 0600 #17330

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
janekmi wants to merge 1 commit into
base: master
Choose a base branch
from
Open

DAOS-18324 common: create files as 0660 instead of 0600 #17330

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/bio/bio_xstream.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -300,7 +300,7 @@ bio_nvme_init_ext(const char *nvme_conf, int numa_node, unsigned int mem_size,
}

if (nvme_conf && strlen(nvme_conf) > 0) {
fd = open(nvme_conf, O_RDONLY, 0600);
fd = open(nvme_conf, O_RDONLY);
if (fd < 0)
D_WARN("Open %s failed, skip DAOS NVMe setup "DF_RC"\n",
nvme_conf, DP_RC(daos_errno2der(errno)));
Expand Down
3 changes: 2 additions & 1 deletion src/common/ad_mem.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
/**
* (C) Copyright 2022-2023 Intel Corporation.
* (C) Copyright 2025 Hewlett Packard Enterprise Development LP
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
*/
Expand Down Expand Up @@ -608,7 +609,7 @@ blob_file_open(struct ad_blob *blob, const char *path, size_t *size, bool create
int flags = O_RDWR;

while (1) {
fd = open(path, flags, 0600);
fd = open(path, flags, UMEM_FILE_MODE_DEFAULT);
if (fd >= 0)
break;

Expand Down
2 changes: 2 additions & 0 deletions src/include/daos/mem.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ umempobj_pgsz(int backend);
/* umem persistent object property flags */
#define UMEMPOBJ_ENABLE_STATS 0x1

#define UMEM_FILE_MODE_DEFAULT 0660
Copy link
Contributor

@NiuYawei NiuYawei Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, shouldn't the DLCK being executed by root or the same user who runs DAOS server?

Copy link
Contributor Author

@janekmi janekmi Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Till now both DDB and DLCK could be run only by the root user which was pointed out as not a good practice. Hence encouraged by @Michael-Hennecke we started to look into other possibilities. All the details are in the ticket and in the comments there but to answer to your questions briefly:

  • The daos_server user is intentionally a nologin user.
  • Requiring to run both DDB and DLCK as root does not sound as a good practice nor it is practical.
  • Allowing users from the daos_server group to run DDB/DLCK has at least three benefits:
    • Administrator has the full control over who has and who has not access to these tools.
    • You do not have to be an administrator to use them. You just have to request access.
    • Administrator can give you access without compromising the whole system. Belonging to the group does not give you more power than absolutely necessary.


#ifdef DAOS_PMEM_BUILD

/* The backend type is stored in meta blob header, don't change the value */
Expand Down
4 changes: 2 additions & 2 deletions src/mgmt/mgmt_common.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ ds_mgmt_tgt_recreate(uuid_t pool_uuid, daos_size_t scm_size, int tgt_nr, daos_si
rc = -DER_NONEXIST;
goto out;
}
fd = open(rdb_path, O_RDWR | O_CREAT, 0600);
fd = open(rdb_path, O_RDWR | O_CREAT, UMEM_FILE_MODE_DEFAULT);
if (fd < 0) {
rc = daos_errno2der(errno);
D_ERROR("failed to create/open the vos file %s:" DF_RC "\n", rdb_path,
Expand Down Expand Up @@ -215,7 +215,7 @@ ds_mgmt_tgt_preallocate(uuid_t uuid, daos_size_t scm_size, int tgt_id, const cha
D_DEBUG(DB_MGMT, DF_UUID ": creating vos file %s (%ld bytes)\n", DP_UUID(uuid), path,
scm_size);

fd = open(path, O_CREAT | O_RDWR, 0600);
fd = open(path, O_CREAT | O_RDWR, UMEM_FILE_MODE_DEFAULT);
if (fd < 0) {
rc = daos_errno2der(errno);
D_ERROR(DF_UUID ": failed to create vos file %s: " DF_RC "\n", DP_UUID(uuid), path,
Expand Down
2 changes: 1 addition & 1 deletion src/vos/vos_common.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -979,7 +979,7 @@ vos_self_nvme_init(const char *vos_path, bool init_spdk)
goto out;

/* Only use hugepages if NVME SSD configuration existed. */
fd = open(nvme_conf, O_RDONLY, 0600);
fd = open(nvme_conf, O_RDONLY);
if (fd < 0) {
rc = bio_nvme_init_ext(NULL, VOS_NVME_NUMA_NODE, 0, 0, VOS_NVME_NR_TARGET, true,
init_spdk);
Expand Down
3 changes: 2 additions & 1 deletion src/vos/vos_pool.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -996,7 +996,8 @@ vos_pmemobj_create(const char *path, uuid_t pool_id, const char *layout,
umem_create:
D_DEBUG(DB_MGMT, "umempobj_create sz: " DF_U64 " store_sz: " DF_U64, scm_sz,
store.stor_size);
pop = umempobj_create(path, layout, UMEMPOBJ_ENABLE_STATS, scm_sz, 0600, &store);
pop = umempobj_create(path, layout, UMEMPOBJ_ENABLE_STATS, scm_sz, UMEM_FILE_MODE_DEFAULT,
&store);
if (pop != NULL) {
*ph = pop;
return 0;
Expand Down
Loading