Setting permissions to run the agent as the DSE user

Ensure that the DataStax Agent tarball can run as the DSE user.

If you install the DataStax Agent from a tarball, you must manually configure the agent to run as the same DataStax Enterprise (DSE) user and set permissions for this user.

Note: When DSE is installed, it creates a cassandra user in the database and runs as this user. It also creates a cassandra user in the operating system. Do not use the cassandra user in production for either the database or operating system. Failing to do so is a security risk.

Prerequisites

Ensure the necessary read and write permissions are set for the user or group running the agent:
Table 1. Directory and File Permissions
Feature functionality Permissions required
General agent functionality Read permission to cassandra.yaml
Configuring a cluster Read/write permissions to configuration directories and files.
Backup and restore
  • Read/write permissions to configuration directories and files.
  • Read/write permissions to Cassandra data directories.
    Note: A umask must also be set to accommodate group permissions for new tables and data.
  • If commit log archiving is enabled, the DataStax Enterprise process must also have permissions to run the agent's archive script and write permissions to the configured backup directory.
Table 2. Directory and File Locations
Directory/File Location
cassandra.yaml See Configuration directories and files below.
Configuration directories and files
  • DataStax Enterprise Package and Installer-Services installations: /etc/dse
  • DataStax Enterprise Tarball and Installer-No Services installations: install_location/conf
Data directories Default: /var/lib/cassandra
Note: Location is user-configurable; set in cassandra.yaml.
Commit log archiving script
  • Agent package install: /usr/share/datastax-agent/bin/archive_commitlog.sh
  • Agent tarball install: install_location/bin/archive_commitlog.sh

Procedure

To set up the umask:
  1. Open a terminal.
  2. To give read/write permissions for new tables and data, edit the appropriate shell file for the DataStax Enterprise environment:
    FileLocation
    dse-env.sh
    • /etc/dse/
    • install_location/conf/
    cassandra-env.sh
    • /etc/cassandra
    • install_location/conf
  3. Add the command umask 002 to the top of the file.
    Setting the umask to 002 is required because Cassandra creates new directories or files as 0700 by default, which does not grant read or write permissions.
    umask 002