Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.
Original topic: Running tiup commands as a non-tidb operating system user
I would like to ask all the teachers for advice. Now there is a requirement: the TiDB cluster is deployed by the tidb user of the operating system. Is there any way to allow non-tidb users of the operating system, such as the abc user, to execute the tiup cluster display command? I previously thought of one method, which is to copy the /home/tidb/.tiup directory to /root/.tiup, but this method is not convenient for maintenance. So, is there any other way to achieve my requirement?
You can try giving the abc user permissions with tiup, but this is not very secure. It is still a standard practice to use the tidb user directly.
You can add the user abc to the TiDB user group, and abc will have the same permissions as TiDB.
Copying /home/tidb/.tiup means there will be two control machines. If two users change the configuration file parameters, it will be difficult to synchronize.
It is feasible to put them in the same OS group.
You can consider creating a symbolic link?
Or
- Write a shell script to filter abc and only allow the use of tiup display.
- Create an alias in the abc user’s ~/.bash_profile.
- The abc user SSHs into the tidb user, executes the command, and returns the result.
# like
alias --> alias = `ssh tidb;tiup display ...;exit`
Actually, if it’s just a simple display command to check node status, deployment directories, etc., most of this information can be found from the dashboard, Grafana, and information_schema tables.
I don’t quite get the practical significance.
Hello, teacher. I tried setting an alias, and then using the alias command to log in as the tidb user via ssh to execute the tiup command, and it works.
alias ck="ssh tidb@127.0.0.1 '/home/tidb/.tiup/bin/tiup cluster display tidb-test'"
However, the method you mentioned, alias = `ssh tidb;tiup display ...;exit`, does not work because after ssh tidb, it directly logs in and does not execute the tiup display command.
But overall, this method is OK. Thank you, teacher.
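Added example, not part of the original thread: the "shell script that only allows tiup display" and the SSH alias above can be combined by binding abc's SSH key to a forced command on the tidb account, so that key can run nothing except `tiup cluster display <cluster-name>`. The script path `/usr/local/bin/tiup-display-only`, the function name `allowed_cluster` and the `<abc-public-key>` placeholder are assumptions made for this sketch.

```shell
#!/bin/sh
# Forced-command wrapper for the tidb account (added example; hypothetical
# install path /usr/local/bin/tiup-display-only).
# In /home/tidb/.ssh/authorized_keys, bind it to abc's key:
#   command="/usr/local/bin/tiup-display-only",restrict ssh-ed25519 <abc-public-key>
# sshd then runs this script for that key whatever abc asks for, and passes
# the requested command line in SSH_ORIGINAL_COMMAND.

TIUP_BIN=/home/tidb/.tiup/bin/tiup   # path used in the thread

# Print the cluster name and return 0 only if the request is exactly
# "tiup cluster display <name>" (bare or full path); otherwise return 1.
allowed_cluster() {
    case $1 in
        "tiup cluster display "*)      name=${1#"tiup cluster display "} ;;
        "$TIUP_BIN cluster display "*) name=${1#"$TIUP_BIN cluster display "} ;;
        *) return 1 ;;
    esac
    # The name must start with a letter or digit (so it cannot be read as a
    # flag) and may contain only [A-Za-z0-9_.-]: no spaces, no extra
    # arguments, no shell metacharacters.
    case $name in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Runs only when sshd invokes the script with a requested command.
# A login without a command falls through and the session simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if cluster=$(allowed_cluster "$SSH_ORIGINAL_COMMAND"); then
        # Rebuild the command from validated parts; the original string
        # is never passed to a shell.
        exec "$TIUP_BIN" cluster display "$cluster"
    fi
    echo "denied: only 'tiup cluster display <cluster-name>' is allowed" >&2
    exit 1
fi
```

With this in place the `ck` alias above keeps working unchanged, while any other command sent over the same key is refused.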
Under the abc user, creating a symbolic link for the command should work, and then set the relevant permissions.