Consider changing default index files permissions

Open sanikolaev opened this issue 2 years ago • 4 comments

The current index files permissions are rw for the user and that's it.

snikolaev@dev:~$ sudo ls -la /var/lib/manticore/t
total 20
drwx------  2 manticore manticore 4096 Jul 28 14:21 .
drwxr-xr-x 19 manticore manticore 4096 Jul 28 09:23 ..
-rw-------  1 manticore manticore    0 Jul 28 07:40 t.lock
-rw-------  1 manticore manticore  518 Jul 28 14:21 t.meta
-rw-------  1 manticore manticore  111 Jul 28 14:21 t.ram
-rw-------  1 manticore manticore   27 Jul 28 14:21 t.settings

It may be more convenient and would give more flexibility if manticore group could also read, e.g. like in mysql:

snikolaev@dev:~$ sudo ls -la /var/lib/mysql/test
total 27290556
drwxr-x---  2 mysql mysql      12288 Jul 31 15:49 .
drwx------ 21 mysql mysql       4096 Jul  8 10:40 ..
-rw-r-----  1 mysql mysql       9146 Apr 27  2021 archived_articles_2015.frm
-rw-r-----  1 mysql mysql          0 Apr 27  2021 archived_articles_2015.MYD
-rw-r-----  1 mysql mysql       1024 Apr 27  2021 archived_articles_2015.MYI

Then, for example, once we have the backup script the user it's run under can be just added to group manticore and would have the right to read the files.

UPDATE

As suggested in the comments, it makes sense to implement the new functionality as a separate setting and not change the default.

I suggest the following naming: common.data_file_mode and common.data_dir_mode which would apply to:

  • index directories (data_dir_mode)
  • and files (data_file_mode):
    • index files
    • manticore.json
    • sphinxql_state file
    • binlogs

and would be honoured by searchd and indexer.

BTW this is similar to mysql's UMASK and UMASK_DIR.

sanikolaev avatar Aug 04 '22 04:08 sanikolaev

personally would suggest it be a umask configuration variable, rather than just changing the 'default'.

so manticore.conf could have something like

umask = 137    #user allow rw, group r only, other none. 

The default would probably be 177 (which is current, rw for user only)

Really cool, if indexer could honour too, but guessing the primary focus would be for searchd when writing RT indexes etc.

barryhunter avatar Aug 04 '22 11:08 barryhunter

we already have searchd.query_log_mode that calls fchmod for log files and this new option could behave similarly

tomatolog avatar Aug 04 '22 13:08 tomatolog

Oh not noticed that. But yes seems perfect. Could be a direct mode, rather than a 'mask' to a default mode.

As noted would be great if could be in 'common' rather than searchd section, as noted so apply to indexer too

 common.index_file_mode 

for the backup would have to apply to manticore.json, sphinxql_state file (or the default state.sql), and possibly the binlogs (but that could be separate option).

barryhunter avatar Aug 04 '22 13:08 barryhunter
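
The difference between the umask and the direct-mode (fchmod) proposals above, as an added Python example that is not from the thread or from Manticore's code: a umask can only remove bits from the mode passed to open(), while fchmod sets the mode exactly. The file name, the 0600 creation mode and the check_mode policy (owner rw and group r at most, plus traverse bits for directories) are assumptions made for the illustration.

```python
import os
import shutil
import stat
import tempfile


def created_mode(open_mode, umask, fchmod_mode=None):
    """Create a file under `umask` and return its final permission bits."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "t.meta")  # constructed sample file name
    old_umask = os.umask(umask)  # process-wide, restored below
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, open_mode)
        try:
            if fchmod_mode is not None:
                os.fchmod(fd, fchmod_mode)  # exact mode, umask is not applied
            return stat.S_IMODE(os.fstat(fd).st_mode)
        finally:
            os.close(fd)
    finally:
        os.umask(old_umask)
        shutil.rmtree(workdir, ignore_errors=True)


def check_mode(mode, is_dir=False):
    """Hypothetical policy check for a configured data_file_mode/data_dir_mode."""
    ceiling = 0o750 if is_dir else 0o640  # assumption: group gets read only
    problems = []
    if mode & ~0o777:
        problems.append("setuid/setgid/sticky bits set")
    if mode & 0o007:
        problems.append("accessible to other users")
    if mode & 0o777 & ~ceiling & ~0o007:
        problems.append("more than owner rw / group r")
    return problems


if __name__ == "__main__":
    cases = [
        ("open 0666, umask 137", created_mode(0o666, 0o137)),
        ("open 0600, umask 137", created_mode(0o600, 0o137)),
        ("open 0600, umask 177, fchmod 0640", created_mode(0o600, 0o177, 0o640)),
    ]
    for label, mode in cases:
        print(f"{label}: {mode:04o} {check_mode(mode) or 'ok'}")
```

The second case is the one to watch: if the creating code passes 0600 to open(), no umask value can add group read, so only the fchmod path yields 0640.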

➤ Dmitrii Kuzmenkov commented:

@nosync

I have tried to create index and checked permissions also

githubmanticore avatar Sep 05 '22 05:09 githubmanticore