Delphix Products

  • 1.  Change ownership of Virtual Datafile not permitted

    Posted 03-02-2016 09:25:00 AM
    Hi all,

    I'm provisioning Unstructured Files to a target with the delphix_os user. After the provision, I have to change the ownership of the files assigning them to a nobody user. This user has no login and cannot be user as a second user of the configuration of the environment in the Delphix Console.
    When I do as root the command "chown -R nobody /u02/app/apache-tomcat-7.0.42" I got error: "chown: changing ownership of '/u02/app/apache-tomcat-7.0.42': Operation not permitted".

    How can I do it?

    Thank you.
    Gianpiero


  • 2.  RE: Change ownership of Virtual Datafile not permitted
    Best Answer

    Posted 03-02-2016 09:32:00 AM
    some more infos concerning Gianpiero'squestion that might (?) be useful to know:
    the mount point dir before provisioning belongs to "nobody:nobody", after provisioning the ownership becomes "delphix_os:nobody" andeverything contained in the nfs mounted fs hase the same ownership...
    hope it helps
    Fabio


  • 3.  RE: Change ownership of Virtual Datafile not permitted
    Best Answer

    Posted 03-02-2016 06:26:00 PM

    Hey Gianpiero,

    The Delphix Engine will chown the virtualized files to be owned by the user selected during provisioning. Afterwards, it mounts the files via NFS to the target environment. This mount uses the NFS root_squash option which will disallow operations performed by root on the target environment (http://serverfault.com/questions/212178/chown-on-a-mounted-nfs-partition-gives-operation-not-permitted).

    Depending on your goal, you might try provisioning the vFiles as a different environment user or using group ids to provide the permissions semantics you seek.



  • 4.  RE: Change ownership of Virtual Datafile not permitted

    Posted 03-03-2016 07:45:00 AM
    > Depending on your goal, you might try provisioning the vFiles as a different environment user
    Yes this is what I'm concerning. But in this case the user "nobody" has no login and cannot be used as environment user.

    Thank you for your feedback on root_squash option.

    Regards.
    Gianpiero


  • 5.  RE: Change ownership of Virtual Datafile not permitted

    Posted 03-03-2016 08:36:00 AM
    my two cents: the user we used for provisioning is delphix_os and it ha as primary group "nobody"... but it is not enough...


  • 6.  RE: Change ownership of Virtual Datafile not permitted

    Posted 03-03-2016 03:14:00 PM
    Can either of you share the motivation for chowning files to be owned by "nobody"? I have not heard this use case before.


  • 7.  RE: Change ownership of Virtual Datafile not permitted

    Posted 03-03-2016 03:20:00 PM
    For security reason. We are virtualizing PHP application upon an Apache Web Server Installation on the target host. The Security Best Practices on Apache configuration suggests to configure Apache to run processes with nobody user or with any other user without login. For now we configured Apache to run processes with delphix_os user, but this method is not compliant with customer's best practices.