Setting permissions to run the DataStax Agent as the DSE user

Ensure that the DataStax Agent tarball can run as the DSE user.

If you install the DataStax Agent from a tarball, you must manually configure the Agent to run as the same DataStax Enterprise (DSE) user and set permissions for this user.

When DSE is installed, it creates a cassandra user in the database and runs as this user. It also creates a cassandra user in the operating system. Do not use the cassandra user in production for either the database or operating system. Failing to do so is a security risk.

Prerequisites

Ensure the necessary read and write permissions are set for the user or group running the Agent:

Directory and File Permissions

Feature functionality Permissions required

General Agent functionality

Read permission to cassandra.yaml

Configuring a cluster

Read/write permissions to configuration directories and files.

Backup and restore

Read/write permissions to configuration directories and files.

  • Read/write permissions to Cassandra data directories.

An umask must also be set to accommodate group permissions for new tables and data.

  • If commit log archiving is enabled, the DataStax Enterprise process must also have permissions to run the Agent’s archive script and write permissions to the configured backup directory.

Directory and File Locations

Directory/File Location

cassandra.yaml

See Configuration directories and files below.

Configuration directories and files

  • DataStax Enterprise Package installations: /etc/dse

  • DataStax Enterprise Tarball installations: install_location/conf

Data directories

Default: /var/lib/cassandra

Location is user-configurable; set in cassandra.yaml.

Commit log archiving script

  • Agent package install: /usr/share/datastax-agent/bin/archive_commitlog.sh

  • Agent tarball install: install_location/bin/archive_commitlog.sh

Procedure

To set up the umask:

  1. Open a terminal.

  2. Give read/write permission for new tables and data by editing the appropriate shell file for the DataStax Enterprise environment:

    File Location

    dse-env.sh

    • /etc/dse/

    • install_location/conf/

    cassandra-env.sh

    • /etc/dse/cassandra

    • install_location/conf

  3. Add the command umask 002 to the top of the file.

    Setting the umask to 002 is required because Cassandra creates new directories or files as 0700 by default, which does not grant read or write permissions.

    umask 002

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com