Permission mismatch of /var/lib/quarkdb/node and /etc/eos.keytab for Quarkdb and EOS

Dear All,

I found some inconsistent behavior of permission in /var/lib/quarkdb/node(i) and password file i.e. redis.password_file, mgmofs.qdbpassword_file and fstofs.qdbpassword_file.

According to QuarkDB — EOS CITRINE documentation webpage, the permission of /var/lib/quarkdb/node (1…3) are daemon:daemon.

But another webpage i.e., say that the permission of /var/lib/quarkdb/node (1…3) are xrootd:xrootd.

So, which one is correct?

When we try to run xrootd@quarkdb with xrootd:xrootd. permission, it’s ok, but daemon:daemon permission is gives error. However, the permission of /etc/eos.keytab is daemon:daemon and which has use to define in “redis.password_file /etc/eos.keytab”, “mgmofs.qdbpassword_file /etc/eos.keytab” and “fstofs.qdbpassword_file /etc/eos.keytab”. It has make confused and mismatch.

Kindly update. What are the correct permission of password file i.e. eos.keytab or else which are use in redis.password_file, mgmofs.qdbpassword_file and fstofs.qdbpassword_file?


Hi, Prasun Singh Roy,

In our case, we copy /etc/eos.keytab to /etc/xrootd/eos.keytab with permission xrootd:xrootd, and specify redis.password_file to /etc/xrootd/eos.keytab. It works well.

Hi Prasun,

There are different ways in which you can run the QuarkDB service. Probably the most simple thing to do is to have the quarkdb service run under user daemon. In this way the /etc/eos.keytab file does not need to change ownership. All the eos related services normally run under user daemon.

As an example you can run quarkdb with the following customization drop-in:

[esindril@esdss000 ~]$ sudo systemctl status xrootd@quarkdb
● xrootd@quarkdb.service - XRootD xrootd daemon instance quarkdb
   Loaded: loaded (/usr/lib/systemd/system/xrootd@.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/xrootd@quarkdb.service.d
   Active: active (running) since Thu 2021-03-25 22:17:56 CET; 6 days ago
     Docs: man:xrootd(8)
 Main PID: 21971 (xrootd)
   CGroup: /system.slice/system-xrootd.slice/xrootd@quarkdb.service
           └─21971 /usr/bin/xrootd -l /var/log/xrootd/xrootd.log -c /etc/xrootd/xrootd-quarkdb.cfg -k fifo -s /var/run/xrootd/ -n quarkdb

Mar 25 22:17:56 systemd[1]: Started XRootD xrootd daemon instance quarkdb.

And the contents of the curstomization:

[esindril@esdss000 ~]$ cat /etc/systemd/system/xrootd@quarkdb.service.d/custom.conf

In this case you can keep the /etc/eos.keytab under daemon ownership and no changes should be required.