Change ownership of Virtual Datafile not permitted

  • 0
  • 2
  • Question
  • Updated 3 years ago
  • Answered
Hi all,

I'm provisioning Unstructured Files to a target with the delphix_os user. After the provision, I have to change the ownership of the files assigning them to a nobody user. This user has no login and cannot be user as a second user of the configuration of the environment in the Delphix Console.
When I do as root the command "chown -R nobody /u02/app/apache-tomcat-7.0.42" I got error: "chown: changing ownership of `/u02/app/apache-tomcat-7.0.42': Operation not permitted".

How can I do it?

Thank you.
Gianpiero
Photo of Gianpiero Piccolo

Gianpiero Piccolo

  • 2,336 Points 2k badge 2x thumb

Posted 3 years ago

  • 0
  • 2
Photo of Fabio

Fabio

  • 486 Points 250 badge 2x thumb
some more infos concerning Gianpiero'squestion that might (?) be useful to know:
the mount point dir before provisioning belongs to "nobody:nobody", after provisioning the ownership becomes "delphix_os:nobody" andeverything contained in the nfs mounted fs hase the same ownership...
hope it helps
Fabio
Photo of Jordan Place

Jordan Place

  • 394 Points 250 badge 2x thumb

Hey Gianpiero,

The Delphix Engine will chown the virtualized files to be owned by the user selected during provisioning. Afterwards, it mounts the files via NFS to the target environment. This mount uses the NFS root_squash option which will disallow operations performed by root on the target environment (http://serverfault.com/questions/212178/chown-on-a-mounted-nfs-partition-gives-operation-not-permitted).

Depending on your goal, you might try provisioning the vFiles as a different environment user or using group ids to provide the permissions semantics you seek.

Photo of Gianpiero Piccolo

Gianpiero Piccolo

  • 2,336 Points 2k badge 2x thumb
> Depending on your goal, you might try provisioning the vFiles as a different environment user
Yes this is what I'm concerning. But in this case the user "nobody" has no login and cannot be used as environment user.

Thank you for your feedback on root_squash option.

Regards.
Gianpiero
Photo of Fabio

Fabio

  • 486 Points 250 badge 2x thumb
my two cents: the user we used for provisioning is delphix_os and it ha as primary group "nobody"... but it is not enough...
Photo of Jordan Place

Jordan Place

  • 394 Points 250 badge 2x thumb
Can either of you share the motivation for chowning files to be owned by "nobody"? I have not heard this use case before.
Photo of Gianpiero Piccolo

Gianpiero Piccolo

  • 2,336 Points 2k badge 2x thumb
For security reason. We are virtualizing PHP application upon an Apache Web Server Installation on the target host. The Security Best Practices on Apache configuration suggests to configure Apache to run processes with nobody user or with any other user without login. For now we configured Apache to run processes with delphix_os user, but this method is not compliant with customer's best practices.