Details
Description
After installation or upgrade of Couchbase Server using RedHat Package Manager (RPM) files such as couchbase-server-enterprise-5.1.1-centos6.x86_64.rpm, the permissions for /opt/couchbase/var/ are set to 750. This prevents users other than "couchbase" or "root" from doing simple tasks such as listing the contents of the logs directory. Permissions for this directory are 755 for other platforms such as the official Couchbase docker container (Ubuntu) or Mac OSX.
The difference appears to be that the .rpm package imposes these permissions as a result of the package creation:
[vagrant@node1-cb511-centos6 ~]$ rpm -qp --dump /vagrant/couchbase-server-enterprise-5.1.1-centos6.x86_64.rpm | awk '/\/var/ \{print $5, $1}'
|
040750 /opt/couchbase/var
|
040755 /opt/couchbase/var/lib
|
040755 /opt/couchbase/var/lib/couchbase
|
040755 /opt/couchbase/var/lib/couchbase/config
|
0100644 /opt/couchbase/var/lib/couchbase/config/config.dat
|
0100644 /opt/couchbase/var/lib/couchbase/ip
|
0100644 /opt/couchbase/var/lib/couchbase/ip_start
|
040755 /opt/couchbase/var/lib/couchbase/logs
|
The set of files and directories above represent those under /opt/couchbase/var that are "owned" by RPM and will have their permissions set during installation or upgrade. Other files created after installation are not subject to the RPM rules.
Only the permissions for /opt/couchbase/var need to be changed from 750 to 755 to be consistent with other platforms.