multi-client data directory permissions #357
Description
while incorporating vc-nimbus and vc-teku into a multi-client cluster I ran into issues with both related to permissions on the charon-distributed-validator-node/data folder. When starting the stack for the first time, Docker creates the data/ directories as root:root
Permission Requirements for Validator Client Data Directories
Different validator clients have different permission requirements for their data directories:
Nimbus
- Requires 700 (drwx------) on data directory
- Must be owned by container UID (1000)
Teku
- Requires write access to create logs directory
- May need to be owned by container UID (1000)?
work-around
modify the local charon-distributed-validator-node/data permissions as follows:
# For Nimbus
sudo mkdir -p ./data/vc-nimbus/validators
sudo chown -R 1000:1000 ./data/vc-nimbus
sudo chmod 700 ./data/vc-nimbus
sudo chmod 700 ./data/vc-nimbus/validators
# For Teku
sudo mkdir -p ./data/vc-teku/logs
sudo chown -R 1000:1000 ./data/vc-teku
sudo chmod -R 700 ./data/vc-teku