COPY INTO FILE - Folder permission
Hi! We are running some "exports" using the COPY INTO FILE, the problem we are facing is that the file created by monetdb is Read Write ONLY by the user running the database. -rw------- 1 root monet 9477 Sep 7 15:08 exp.csv Is there any way so the created file has also RW permission to the group and NOT only the user. In this case, we are using an NFS share so we are not able to use setfacl. Does anybody has an idea how to solve this ? Thanks a lot in advance! Rgds Ariel
Hi, IMHO the file permissions are determined by the umask of the user/shell/process that started merser5. Best, Stefan ----- On Sep 7, 2018, at 9:24 PM, Ariel Abadi aabadi@starconnecting.com wrote:
Hi! We are running some "exports" using the COPY INTO FILE, the problem we are facing is that the file created by monetdb is Read Write ONLY by the user running the database.
-rw------- 1 root monet 9477 Sep 7 15:08 exp.csv
Is there any way so the created file has also RW permission to the group and NOT only the user.
In this case, we are using an NFS share so we are not able to use setfacl.
Does anybody has an idea how to solve this ?
Thanks a lot in advance! Rgds Ariel
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) |
Stefan Thanks for your info... but, unfortunately didnt work. Ive run it with my user which has umask 0002 and when the file was created by monet, was create RW only for my user :( Thanks either! Rgds Ariel *Ariel Abadi* Direct: +54 11 5279.2054 Mobile:+54 9 11 6050.0101 Email: aabadi@starbi.com Web: www.starbi.com On Fri, Sep 7, 2018 at 5:45 PM, Stefan Manegold <Stefan.Manegold@cwi.nl> wrote:
Hi,
IMHO the file permissions are determined by the umask of the user/shell/process that started merser5.
Best, Stefan
----- On Sep 7, 2018, at 9:24 PM, Ariel Abadi aabadi@starconnecting.com wrote:
Hi! We are running some "exports" using the COPY INTO FILE, the problem we are facing is that the file created by monetdb is Read Write ONLY by the user running the database.
-rw------- 1 root monet 9477 Sep 7 15:08 exp.csv
Is there any way so the created file has also RW permission to the group and NOT only the user.
In this case, we are using an NFS share so we are not able to use setfacl.
Does anybody has an idea how to solve this ?
Thanks a lot in advance! Rgds Ariel
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
How are you running mserver5? It looks like it is running as root (extremely bad idea, by the way), so how does it get started? It's the mserver4 process that writes the file, so the umask Stefan mentioned applied to it. On 08/09/2018 13.32, Ariel Abadi wrote:
Stefan Thanks for your info... but, unfortunately didnt work.
Ive run it with my user which has umask 0002 and when the file was created by monet, was create RW only for my user :(
Thanks either! Rgds Ariel
*/Ariel Abadi/* Direct: +54 11 5279.2054 Mobile:+54 9 11 6050.0101 Email: aabadi@starbi.com <mailto:aabadi@starbi.com> Web: www.starbi.com <http://www.starbi.com/>
On Fri, Sep 7, 2018 at 5:45 PM, Stefan Manegold <Stefan.Manegold@cwi.nl <mailto:Stefan.Manegold@cwi.nl>> wrote:
Hi,
IMHO the file permissions are determined by the umask of the user/shell/process that started merser5.
Best, Stefan
----- On Sep 7, 2018, at 9:24 PM, Ariel Abadi aabadi@starconnecting.com <mailto:aabadi@starconnecting.com> wrote:
> Hi! > We are running some "exports" using the COPY INTO FILE, the problem we are > facing is that the file created by monetdb is Read Write ONLY by the user > running the database. > > -rw------- 1 root monet 9477 Sep 7 15:08 exp.csv > > Is there any way so the created file has also RW permission to the group and NOT > only the user. > > In this case, we are using an NFS share so we are not able to use setfacl. > > Does anybody has an idea how to solve this ? > > Thanks a lot in advance! > Rgds > Ariel > > > _______________________________________________ > users-list mailing list > users-list@monetdb.org <mailto:users-list@monetdb.org> > https://www.monetdb.org/mailman/listinfo/users-list <https://www.monetdb.org/mailman/listinfo/users-list>
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ <http://www.CWI.nl/~manegold/> | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org <mailto:users-list@monetdb.org> https://www.monetdb.org/mailman/listinfo/users-list <https://www.monetdb.org/mailman/listinfo/users-list>
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- Sjoerd Mullender
... despite using various "spelling alternatives", both Sjoerd and myself refer to "mserver5", i.e., THE server process of the MonetDB database system (that might get started by the "monetdbd" daemon rather that "by hand") ... ----- On Sep 8, 2018, at 7:00 PM, Sjoerd Mullender sjoerd@monetdb.org wrote:
How are you running mserver5? It looks like it is running as root (extremely bad idea, by the way), so how does it get started? It's the mserver4 process that writes the file, so the umask Stefan mentioned applied to it.
On 08/09/2018 13.32, Ariel Abadi wrote:
Stefan Thanks for your info... but, unfortunately didnt work.
Ive run it with my user which has umask 0002 and when the file was created by monet, was create RW only for my user :(
Thanks either! Rgds Ariel
*/Ariel Abadi/* Direct: +54 11 5279.2054 Mobile:+54 9 11 6050.0101 Email: aabadi@starbi.com <mailto:aabadi@starbi.com> Web: www.starbi.com <http://www.starbi.com/>
On Fri, Sep 7, 2018 at 5:45 PM, Stefan Manegold <Stefan.Manegold@cwi.nl <mailto:Stefan.Manegold@cwi.nl>> wrote:
Hi,
IMHO the file permissions are determined by the umask of the user/shell/process that started merser5.
Best, Stefan
----- On Sep 7, 2018, at 9:24 PM, Ariel Abadi aabadi@starconnecting.com <mailto:aabadi@starconnecting.com> wrote:
> Hi! > We are running some "exports" using the COPY INTO FILE, the problem we are > facing is that the file created by monetdb is Read Write ONLY by the user > running the database. > > -rw------- 1 root monet 9477 Sep 7 15:08 exp.csv > > Is there any way so the created file has also RW permission to the group and NOT > only the user. > > In this case, we are using an NFS share so we are not able to use setfacl. > > Does anybody has an idea how to solve this ? > > Thanks a lot in advance! > Rgds > Ariel > > > _______________________________________________ > users-list mailing list > users-list@monetdb.org <mailto:users-list@monetdb.org> > https://www.monetdb.org/mailman/listinfo/users-list <https://www.monetdb.org/mailman/listinfo/users-list>
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ <http://www.CWI.nl/~manegold/> | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org <mailto:users-list@monetdb.org> https://www.monetdb.org/mailman/listinfo/users-list <https://www.monetdb.org/mailman/listinfo/users-list>
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- Sjoerd Mullender
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) |
Sorry for my ignorance, but can you please tell me why is a bad idea running it as root? In this particular case as I wanted to change the umask, I launched the two commands from my user directly. I firstly run the monetdbd start xxx, once it is started I start the database by monetdb start -a Is there a better way? And issueing the 2nd command is how the mserver5 starts. Is that your question? This in advance Rgds On Sat, Sep 8, 2018, 14:15 Stefan Manegold <Stefan.Manegold@cwi.nl> wrote:
... despite using various "spelling alternatives", both Sjoerd and myself refer to "mserver5", i.e., THE server process of the MonetDB database system (that might get started by the "monetdbd" daemon rather that "by hand") ...
----- On Sep 8, 2018, at 7:00 PM, Sjoerd Mullender sjoerd@monetdb.org wrote:
How are you running mserver5? It looks like it is running as root (extremely bad idea, by the way), so how does it get started? It's the mserver4 process that writes the file, so the umask Stefan mentioned applied to it.
On 08/09/2018 13.32, Ariel Abadi wrote:
Stefan Thanks for your info... but, unfortunately didnt work.
Ive run it with my user which has umask 0002 and when the file was created by monet, was create RW only for my user :(
Thanks either! Rgds Ariel
*/Ariel Abadi/* Direct: +54 11 5279.2054 Mobile:+54 9 11 6050.0101 Email: aabadi@starbi.com <mailto:aabadi@starbi.com> Web: www.starbi.com <http://www.starbi.com/>
On Fri, Sep 7, 2018 at 5:45 PM, Stefan Manegold <Stefan.Manegold@cwi.nl <mailto:Stefan.Manegold@cwi.nl>> wrote:
Hi,
IMHO the file permissions are determined by the umask of the user/shell/process that started merser5.
Best, Stefan
----- On Sep 7, 2018, at 9:24 PM, Ariel Abadi aabadi@starconnecting.com <mailto:aabadi@starconnecting.com> wrote:
> Hi! > We are running some "exports" using the COPY INTO FILE, the problem we are > facing is that the file created by monetdb is Read Write ONLY by the user > running the database. > > -rw------- 1 root monet 9477 Sep 7 15:08 exp.csv > > Is there any way so the created file has also RW permission to the group and NOT > only the user. > > In this case, we are using an NFS share so we are not able to use setfacl. > > Does anybody has an idea how to solve this ? > > Thanks a lot in advance! > Rgds > Ariel > > > _______________________________________________ > users-list mailing list > users-list@monetdb.org <mailto:users-list@monetdb.org> > https://www.monetdb.org/mailman/listinfo/users-list <https://www.monetdb.org/mailman/listinfo/users-list>
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ <http://www.CWI.nl/~manegold/> | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org <mailto:users-list@monetdb.org> https://www.monetdb.org/mailman/listinfo/users-list <https://www.monetdb.org/mailman/listinfo/users-list>
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- Sjoerd Mullender
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
Hi, it appears after all, that merovingian (aka. monetdbd) is rather paranoid: $ grep -Hin1 umask tools/merovingian/daemon/merovingian.c tools/merovingian/daemon/merovingian.c-924- tools/merovingian/daemon/merovingian.c:925: /* Paranoia umask, but good, because why would people have to sniff tools/merovingian/daemon/merovingian.c-926- * our private parts? */ tools/merovingian/daemon/merovingian.c:927: umask(S_IRWXG | S_IRWXO); tools/merovingian/daemon/merovingian.c-928- Best, Stefan ----- On Sep 8, 2018, at 7:45 PM, Ariel Abadi aabadi@starconnecting.com wrote:
Sorry for my ignorance, but can you please tell me why is a bad idea running it as root?
In this particular case as I wanted to change the umask, I launched the two commands from my user directly. I firstly run the monetdbd start xxx, once it is started I start the database by monetdb start -a
Is there a better way? And issueing the 2nd command is how the mserver5 starts. Is that your question?
This in advance Rgds
On Sat, Sep 8, 2018, 14:15 Stefan Manegold < Stefan.Manegold@cwi.nl > wrote:
... despite using various "spelling alternatives", both Sjoerd and myself refer to "mserver5", i.e., THE server process of the MonetDB database system (that might get started by the "monetdbd" daemon rather that "by hand") ...
----- On Sep 8, 2018, at 7:00 PM, Sjoerd Mullender sjoerd@monetdb.org wrote:
How are you running mserver5? It looks like it is running as root (extremely bad idea, by the way), so how does it get started? It's the mserver4 process that writes the file, so the umask Stefan mentioned applied to it.
On 08/09/2018 13.32, Ariel Abadi wrote:
Stefan Thanks for your info... but, unfortunately didnt work.
Ive run it with my user which has umask 0002 and when the file was created by monet, was create RW only for my user :(
Thanks either! Rgds Ariel
*/Ariel Abadi/* Direct: +54 11 5279.2054 Mobile:+54 9 11 6050.0101 Email: aabadi@starbi.com <mailto: aabadi@starbi.com > Web: www.starbi.com < http://www.starbi.com/ >
On Fri, Sep 7, 2018 at 5:45 PM, Stefan Manegold < Stefan.Manegold@cwi.nl <mailto: Stefan.Manegold@cwi.nl >> wrote:
Hi,
IMHO the file permissions are determined by the umask of the user/shell/process that started merser5.
Best, Stefan
----- On Sep 7, 2018, at 9:24 PM, Ariel Abadi aabadi@starconnecting.com <mailto: aabadi@starconnecting.com > wrote:
Hi! We are running some "exports" using the COPY INTO FILE, the problem we are facing is that the file created by monetdb is Read Write ONLY by the user running the database.
-rw------- 1 root monet 9477 Sep 7 15:08 exp.csv
Is there any way so the created file has also RW permission to the group and NOT only the user.
In this case, we are using an NFS share so we are not able to use setfacl.
Does anybody has an idea how to solve this ?
Thanks a lot in advance! Rgds Ariel
_______________________________________________ users-list mailing list users-list@monetdb.org <mailto: users-list@monetdb.org > https://www.monetdb.org/mailman/listinfo/users-list < https://www.monetdb.org/mailman/listinfo/users-list >
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ < http://www.CWI.nl/~manegold/ > | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org <mailto: users-list@monetdb.org > https://www.monetdb.org/mailman/listinfo/users-list < https://www.monetdb.org/mailman/listinfo/users-list >
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- Sjoerd Mullender
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) |
You’re assuming that MondtDB is completely bug free, and wouldn’t let a bad actor execute something you don’t want on the box. C/C++ UDFs can do anything they want. From: users-list [mailto:users-list-bounces+david.b.anderson=citi.com@monetdb.org] On Behalf Of Ariel Abadi Sent: Saturday, September 08, 2018 1:46 PM To: Communication channel for MonetDB users Subject: Re: COPY INTO FILE - Folder permission Sorry for my ignorance, but can you please tell me why is a bad idea running it as root? In this particular case as I wanted to change the umask, I launched the two commands from my user directly. I firstly run the monetdbd start xxx, once it is started I start the database by monetdb start -a Is there a better way? And issueing the 2nd command is how the mserver5 starts. Is that your question? This in advance Rgds
Ariel, of course the "better" (as in safer, more portable, more flexible) option is to export via the client, e.g., using mclient's -fcsv option: mclient ... -s'<your query>' -fcsv > <your file> Best, Stefan ----- On Sep 8, 2018, at 7:45 PM, Ariel Abadi aabadi@starconnecting.com wrote:
Sorry for my ignorance, but can you please tell me why is a bad idea running it as root?
In this particular case as I wanted to change the umask, I launched the two commands from my user directly. I firstly run the monetdbd start xxx, once it is started I start the database by monetdb start -a
Is there a better way? And issueing the 2nd command is how the mserver5 starts. Is that your question?
This in advance Rgds
On Sat, Sep 8, 2018, 14:15 Stefan Manegold < Stefan.Manegold@cwi.nl > wrote:
... despite using various "spelling alternatives", both Sjoerd and myself refer to "mserver5", i.e., THE server process of the MonetDB database system (that might get started by the "monetdbd" daemon rather that "by hand") ...
----- On Sep 8, 2018, at 7:00 PM, Sjoerd Mullender sjoerd@monetdb.org wrote:
How are you running mserver5? It looks like it is running as root (extremely bad idea, by the way), so how does it get started? It's the mserver4 process that writes the file, so the umask Stefan mentioned applied to it.
On 08/09/2018 13.32, Ariel Abadi wrote:
Stefan Thanks for your info... but, unfortunately didnt work.
Ive run it with my user which has umask 0002 and when the file was created by monet, was create RW only for my user :(
Thanks either! Rgds Ariel
*/Ariel Abadi/* Direct: +54 11 5279.2054 Mobile:+54 9 11 6050.0101 Email: aabadi@starbi.com <mailto: aabadi@starbi.com > Web: www.starbi.com < http://www.starbi.com/ >
On Fri, Sep 7, 2018 at 5:45 PM, Stefan Manegold < Stefan.Manegold@cwi.nl <mailto: Stefan.Manegold@cwi.nl >> wrote:
Hi,
IMHO the file permissions are determined by the umask of the user/shell/process that started merser5.
Best, Stefan
----- On Sep 7, 2018, at 9:24 PM, Ariel Abadi aabadi@starconnecting.com <mailto: aabadi@starconnecting.com > wrote:
Hi! We are running some "exports" using the COPY INTO FILE, the problem we are facing is that the file created by monetdb is Read Write ONLY by the user running the database.
-rw------- 1 root monet 9477 Sep 7 15:08 exp.csv
Is there any way so the created file has also RW permission to the group and NOT only the user.
In this case, we are using an NFS share so we are not able to use setfacl.
Does anybody has an idea how to solve this ?
Thanks a lot in advance! Rgds Ariel
_______________________________________________ users-list mailing list users-list@monetdb.org <mailto: users-list@monetdb.org > https://www.monetdb.org/mailman/listinfo/users-list < https://www.monetdb.org/mailman/listinfo/users-list >
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ < http://www.CWI.nl/~manegold/ > | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org <mailto: users-list@monetdb.org > https://www.monetdb.org/mailman/listinfo/users-list < https://www.monetdb.org/mailman/listinfo/users-list >
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- Sjoerd Mullender
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) | _______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) |
participants (5)
-
Anderson, David B -
Ariel Abadi -
Ariel Abadi -
Sjoerd Mullender -
Stefan Manegold