[MonetDB-users] monetdb permission denied
Hi, noob question ...

I've just installed MonetDB on an Ubuntu Karmic machine. I've got merovingian running:

monetdb 7379 1 0 Apr06 ? 00:00:01 /usr/bin/merovingian

but I see permission denied when I try to use monetdb on the same machine:

$ monetdb status
permission denied

As an experiment, I have added my user to the monetdb group and I have changed the permissions so that the monetdb group can access the socket:

root:/var/MonetDB5/dbfarm# ls -la
total 12
drwxrwx--- 2 monetdb monetdb 4096 Apr 6 17:13 .
drwxrwx--- 3 monetdb monetdb 4096 Apr 6 17:13 ..
srwxrwx--- 1 monetdb monetdb 0 Apr 6 17:13 .merovingian_control
-rw------- 1 monetdb nogroup 0 Apr 6 17:13 .merovingian_lock
-rw------- 1 monetdb nogroup 48 Apr 6 17:13 .merovingian_pass

But I still see permission denied. What's the correct way to set the system up? A pointer to whichever piece of the docs that I've missed would be ideal :)

Thanks,
Dave
On 07-04-2010 15:57:09 +0100, Dave Howorth wrote:
Hi, noob question ...
I've just installed MonetDB on an Ubuntu Karmic machine. I've got merovingian running:
monetdb 7379 1 0 Apr06 ? 00:00:01 /usr/bin/merovingian
but I see permission denied when I try to use monetdb on the same machine:
$ monetdb status
permission denied
As an experiment, I have added my user to the monetdb group and I have changed the permissions so that the monetdb group can access the socket:
root:/var/MonetDB5/dbfarm# ls -la
total 12
drwxrwx--- 2 monetdb monetdb 4096 Apr 6 17:13 .
drwxrwx--- 3 monetdb monetdb 4096 Apr 6 17:13 ..
srwxrwx--- 1 monetdb monetdb 0 Apr 6 17:13 .merovingian_control
-rw------- 1 monetdb nogroup 0 Apr 6 17:13 .merovingian_lock
-rw------- 1 monetdb nogroup 48 Apr 6 17:13 .merovingian_pass
But I still see permission denied. What's the correct way to set the system up? A pointer to whichever piece of the docs that I've missed would be ideal :)
You must be the owner, e.g. the "administrator" to perform operations using monetdb, or you must enable socket-based control which requires a passphrase to be set up. Check the mero_controlport option in the merovingian manpage[1].

[1] http://homepages.cwi.nl/~fabian/MonetDB/Man%20Pages.html/merovingian.html
Fabian Groffen wrote:
You must be the owner, e.g. the "administrator" to perform operations using monetdb, or you must enable socket-based control which requires a passphrase to be set up. Check the mero_controlport option in the merovingian manpage[1].
Thanks for that. I'd rather not set up the control port until I'm more confident of the admin and/or until I really need to access it from another machine. I didn't try to run as the monetdb user since that seems to be set up to prevent login. I guess I can set up another user who can sudo or somesuch. Is the security/administrator setup philosophy described somewhere?

Thanks,
Dave
On 07-04-2010 16:37:45 +0100, Dave Howorth wrote:
Thanks for that. I'd rather not set up the control port until I'm more confident of the admin and/or until I really need to access it from another machine. I didn't try to run as the monetdb user since that seems to be set up to prevent login. I guess I can set up another user who can sudo or somesuch. Is the security/administrator setup philosophy described somewhere?
I'm afraid not. We assume a user (non-root) that is the administrator of the entire database farm to create necessary databases and initialise them properly, much like most PostgreSQL installations are done by vendors, IIRC. It sounds like you used some packages to install MonetDB, perhaps they need to be changed a bit to allow the monetdb user to actually perform the administrative commands.
Fabian Groffen wrote:
On 07-04-2010 16:37:45 +0100, Dave Howorth wrote:
Thanks for that. I'd rather not set up the control port until I'm more confident of the admin and/or until I really need to access it from another machine. I didn't try to run as the monetdb user since that seems to be set up to prevent login. I guess I can set up another user who can sudo or somesuch. Is the security/administrator setup philosophy described somewhere?
I'm afraid not. We assume a user (non-root) that is the administrator of the entire database farm to create necessary databases and initialise them properly, much like most PostgreSQL installations are done by vendors, IIRC.
It sounds like you used some packages to install MonetDB, perhaps they need to be changed a bit to allow the monetdb user to actually perform the administrative commands.
Well I used the packages from your site :) http://monetdb.cwi.nl/downloads/Ubuntu/ I used synaptic rather than using apt-get directly but I don't think that makes any difference. As well as being new to MonetDB I'm also fairly new to ubuntu and sudo (I regularly use opensuse, which allows root login, but the last time I used sudo was when SysV was current) so it may be the packages are designed to suit a particular admin style but I don't know enough to recognize it. I haven't used PostgreSQL either, I'm afraid, only MySQL. I'll experiment a bit. Thanks, Dave
Dave Howorth wrote:
Well I used the packages from your site :) http://monetdb.cwi.nl/downloads/Ubuntu/
Just an FYI for anybody else following the same route. The Ubuntu packages do not include the JDBC driver or other jars, AFAICT. I found those at http://monetdb.cwi.nl/downloads/Java/ Cheers, Dave
On Fri, Apr 09, 2010 at 02:05:54PM +0100, Dave Howorth wrote:
Dave Howorth wrote:
Well I used the packages from your site :) http://monetdb.cwi.nl/downloads/Ubuntu/
Just an FYI for anybody else following the same route. The Ubuntu packages do not include the JDBC driver or other jars, AFAICT. I found those at http://monetdb.cwi.nl/downloads/Java/
Indeed, none of the MonetDB binary packages included the jar files. All precompiled MonetDB related jar files are only available from http://monetdb.cwi.nl/downloads/Java/ You need to download them and install them "by hand" according to your preferences and/or your system's requirements. Stefan
Cheers, Dave
-- | Dr. Stefan Manegold | mailto:Stefan.Manegold@cwi.nl | | CWI, P.O.Box 94079 | http://www.cwi.nl/~manegold/ | | 1090 GB Amsterdam | Tel.: +31 (20) 592-4212 | | The Netherlands | Fax : +31 (20) 592-4199 |
On Wed, Apr 7, 2010 at 11:37 AM, Dave Howorth
I didn't try to run as the monetdb user since that seems to be set up to prevent login. I guess I can set up another user who can sudo or somesuch. Is the security/administrator setup philosophy described somewhere?
I also do not use control port either.

Note that there is a difference between admin actions (such as start, stop, status) and database actions (like select from).

For the former, I create the user mero and run merovingian as that user. I put the dbfarm files under that user's home directory.

This has the advantage of giving your control resource limits via that user's login profile, and other unixy things like the user's crontab to do backups, etc. It also means merovingian is not running as root.

For the latter, it's SQL access permissions, schemas and such, and you can login with mclient from any unix user; the sql user/pass is orthogonal.

HTH,
m
Mark Bucciarelli wrote:
Note that there is a difference between admin actions (such as start, stop, status) and database actions (like select from).
For the former, I create the user mero and run merovingian as that user. I put the dbfarm files under that user's home directory.
Well the http://monetdb.cwi.nl/downloads/Ubuntu/ packages set up a monetdb user so I set up merovingian to run as that user, by adding this command in /etc/rc.local:

sudo -u monetdb merovingian

This has the advantage of giving your control resource limits via that user's login profile, and
The packages set up the monetdb user with a 'nologin' profile, which I think means that the only way to run as that user is via sudo. So I think I must need to create a user who can login and who is allowed to sudo -u monetdb. Just like I have a system admin account that can sudo -u root. But the packages didn't set up such a user, so I was wondering if I'd missed some other, better way of administering MonetDB.
other unixy things like the user's crontab to do backups, etc. It also means merovingian is not running as root.
For the latter, it's SQL access permissions, schemas and such, and you can login with mclient from any unix user; the sql user/pass is orthogonal.
That's good to know :) Thanks, Dave
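Added example, not part of any poster's message and not MonetDB code: a filesystem-layer check for the dbfarm listing quoted in this thread, showing which permission class applies to a non-owner and whether the running process actually carries the monetdb group (a group added to an account only reaches new login sessions). The numeric ids and function names are assumptions, and the check says nothing about any ownership test merovingian performs itself.

```python
import os
import stat

def allowed(mode, owner_uid, owner_gid, uid, gids, want):
    """POSIX class selection: exactly one of owner/group/other applies,
    so an owner with mode 0070 is denied even if in the group.
    `want` is a subset of "rwx"; root's override is deliberately ignored."""
    shift = 6 if uid == owner_uid else 3 if owner_gid in gids else 0
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return (mode >> shift) & need == need

def explain(path, uid=None, gids=None):
    """Check x on every directory leading to `path` and w on `path` itself
    (connecting to a Unix socket needs write permission on it)."""
    uid = os.geteuid() if uid is None else uid
    # Groups of *this process*: a group added after login is not in here.
    gids = set(os.getgroups()) | {os.getegid()} if gids is None else set(gids)
    parts, cur = [], os.path.abspath(path)
    while cur not in parts:
        parts.insert(0, cur)
        cur = os.path.dirname(cur)
    report = []
    for p in parts:
        want = "w" if p == parts[-1] else "x"
        try:
            st = os.stat(p)
            ok = allowed(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids, want)
        except OSError:
            ok = False
        report.append((p, want, ok))
        if not ok:
            break  # nothing below a blocked component is reachable
    return report

# Constructed numeric ids; real values come from `id monetdb` on the host.
MONETDB_UID, MONETDB_GID, NOGROUP_GID, USER_UID = 110, 120, 65534, 1000

def thread_listing_verdict(gids):
    """Apply the modes from the `ls -la` output in the thread to a non-owner."""
    who = (USER_UID, set(gids))
    return {
        "dbfarm": allowed(0o770, MONETDB_UID, MONETDB_GID, *who, "x"),
        ".merovingian_control": allowed(0o770, MONETDB_UID, MONETDB_GID, *who, "w"),
        ".merovingian_pass": allowed(0o600, MONETDB_UID, NOGROUP_GID, *who, "r"),
    }

if __name__ == "__main__":
    for row in explain("/var/MonetDB5/dbfarm/.merovingian_control"):
        print(row)
```

Run it from the same shell that prints `permission denied`: the first row reporting `False` is the component that blocks access at the filesystem layer, and if every row is `True` the denial is coming from somewhere other than file modes.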