About "td-agent" user. Can we change who does td-agent process?

[Adrian Campos]

Hello guys:

I realized that when I run td-agent, either as a root user or a user with similar privileges, always a "td-agent" user will show up. It is this td-agent user that appears to be taking care of the td-agent process. 

For example, I will logging as root to the server:

     ssh root@...
     /etc/init.d/td-agent restart

By ps aux after restarting td-agent, you will realize that:

td-agent 23809  0.2  0.4 210948 19336 ?        Sl   10:34   0:00 /usr/lib64/fluent/ruby/bin/ruby /usr/sbin/td-agent --group td-agent --log /var/log/

td-agent 23811  6.2  1.1 265428 43284 ?        Sl   10:34   0:00 /usr/lib64/fluent/ruby/bin/ruby /usr/sbin/td-agent --group td-agent --log /var/log/

appears. Even though I started td-agent as root, the td-agent user shows up.

The thing is that in my server, the infrastructure guys have a guideline that we should use a "game" user (an 運用ユーサー) for running these kind of processes. Basically, we just keep 2 users always: game and root.

 So I want game user to run td-agent process:

game 23811  6.2  1.1 265428 43284 ?        Sl   10:34   0:00 /usr/lib64/fluent/ruby/bin/ruby /usr/sbin/td-agent --group td-agent --log /var/log/

My fluentd config file specifies that logs should be stored in a "/data/log" path where I have given game user the permissions necessary to read, access, etc. But several problems with permissions arise when I run td-agent. This is because, after all, it is not the game user who is taking care of td-agent, but a "td-agent" user.

Is it possible to change who takes care of td-agent process? 

Thanks for your attention,

Adrian

[Arik Fraimovich]

Assuming that the game user already existing, you need to edit the init configuration file (/etc/init.d/td-agent) and change the user definition there to game and also change the ownership of all related directories (/var/log/td-agent, /etc/td-agent) to game or add game to the td-agent group.

[Adrian Campos]

Thanks!!!

[Masahiro Nakagawa]

Hmm...

We will add this topic to fluentd-docs (How to change user).

Masahiro

Thanks!!!

--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Adrian Campos]

Hey guys

Thanks for the reply & for putting it in the documentation :)

I wanted to know what part specifically I should change in init.d, I guess its the following lines??

DAEMON_ARGS=${DAEMON_ARGS---user game}

TD_AGENT_ARGS="${TD_AGENT_ARGS-/usr/sbin/td-agent --group game --log /var/log/td-agent/td-agent.log}"

where user was "td-agent" but I changed them to "game".
My ps aux shows:

game     13986  0.0  0.4 210948 19208 ?        Sl   18:54   0:00 /usr/lib64/fluent/ruby/bin/ruby /usr/sbin/td-agent --group game --log /var/log/td-agent/td- ........

So I guess its ok?

But I might be missing another line there so I just wanted to confirm

On Tuesday, July 9, 2013 10:43:19 AM UTC+9, Adrian Campos wrote: