From 3ee4fd75fbceb18644060126ca849873d9742048 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Wed, 25 Feb 2026 17:25:53 +0800 Subject: [PATCH 1/7] Update check-before-deployment.md --- check-before-deployment.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 6cbaa2bb053d4..63a9d9eed1db4 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md @@ -723,10 +723,12 @@ The steps to check and configure these parameters are as follows: This section describes how to manually configure the SSH mutual trust and sudo without password. It is recommended to use TiUP for deployment, which automatically configure SSH mutual trust and login without password. If you deploy TiDB clusters using TiUP, ignore this section. +Before configuring SSH mutual trust, create the `tidb` user on all target machines. If SSH mutual trust is properly configured between cluster nodes, the system does not require the `tidb` user to have identical UID/GID values across nodes. However, if the cluster uses Backup & Restore (BR) and stores backups on a network file system such as NFS, it is strongly recommended to use the same user for both BR and TiDB, and to assign consistent UID and GID values to the `tidb` user on all nodes. Shared storage systems such as NFS rely on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if BR runs under a different user than TiDB (especially in environments without sudo privileges), backup or restore operations might fail with "Permission Denied" errors. + 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. ```bash - useradd tidb && \ + useradd -m -d /home/tidb tidb passwd tidb ``` From ce85f8204ab742e3bc8f37164772985f814540c2 Mon Sep 17 00:00:00 2001 
From: xixirangrang Date: Thu, 26 Feb 2026 12:12:33 +0800 Subject: [PATCH 2/7] Update check-before-deployment.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 63a9d9eed1db4..649036f8ae117 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -723,7 +723,7 @@ The steps to check and configure these parameters are as follows: This section describes how to manually configure the SSH mutual trust and sudo without password. It is recommended to use TiUP for deployment, which automatically configure SSH mutual trust and login without password. If you deploy TiDB clusters using TiUP, ignore this section. -Before configuring SSH mutual trust, create the `tidb` user on all target machines. If SSH mutual trust is properly configured between cluster nodes, the system does not require the `tidb` user to have identical UID/GID values across nodes. However, if the cluster uses Backup & Restore (BR) and stores backups on a network file system such as NFS, it is strongly recommended to use the same user for both BR and TiDB, and to assign consistent UID and GID values to the `tidb` user on all nodes. Shared storage systems such as NFS rely on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if BR runs under a different user than TiDB (especially in environments without sudo privileges), backup or restore operations might fail with "Permission Denied" errors. +Before you configure SSH mutual trust, create the `tidb` user on all target machines. For SSH mutual trust between cluster nodes, the `tidb` user does not need to have identical UID/GID values across nodes. However, if you use Backup & Restore (BR) to store backups on a network file system such as NFS, use the same user for both BR and TiDB and assign consistent UID and GID values to the `tidb` user on all nodes. This is because shared storage systems such as NFS rely on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if you run BR under a different user than TiDB (especially in environments without sudo privileges), your backup or restore operations might fail with "Permission Denied" errors. 1. 
Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. From f5da7b71f234aabc3fe23d8629d96c26e74c5960 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 10:12:53 +0800 Subject: [PATCH 3/7] Update check-before-deployment.md --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 649036f8ae117..ecfa1acc400a4 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -723,7 +723,7 @@ The steps to check and configure these parameters are as follows: This section describes how to manually configure the SSH mutual trust and sudo without password. It is recommended to use TiUP for deployment, which automatically configure SSH mutual trust and login without password. If you deploy TiDB clusters using TiUP, ignore this section. -Before you configure SSH mutual trust, create the `tidb` user on all target machines. For SSH mutual trust between cluster nodes, the `tidb` user does not need to have identical UID/GID values across nodes. However, if you use Backup & Restore (BR) to store backups on a network file system such as NFS, use the same user for both BR and TiDB and assign consistent UID and GID values to the `tidb` user on all nodes. This is because shared storage systems such as NFS rely on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if you run BR under a different user than TiDB (especially in environments without sudo privileges), your backup or restore operations might fail with "Permission Denied" errors. +When configuring SSH mutual trust, create and use the `tidb` user on all target machines. In general, TiDB does not require the same user to exist across all nodes. However, if you plan to use Backup & Restore (BR), it is recommended that you use the same user for all BR and TiDB operations. If backups are stored on network file systems such as NFS, ensure that this user has consistent UID and GID values across all nodes, because NFS relies on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. 
From 7c74c1e46731413f350142675f417f04929511c3 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 11:57:13 +0800 Subject: [PATCH 4/7] Apply suggestions from code review --- check-before-deployment.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index ecfa1acc400a4..ba4d7407bae3a 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -721,9 +721,12 @@ The steps to check and configure these parameters are as follows: ## Manually configure the SSH mutual trust and sudo without password -This section describes how to manually configure the SSH mutual trust and sudo without password. It is recommended to use TiUP for deployment, which automatically configure SSH mutual trust and login without password. If you deploy TiDB clusters using TiUP, ignore this section. +This section describes how to manually configure SSH mutual trust from the control machine to the target nodes. If you use the TiUP deployment tool, SSH mutual trust and passwordless login are configured automatically. You can skip this section. -When configuring SSH mutual trust, create and use the `tidb` user on all target machines. In general, TiDB does not require the same user to exist across all nodes. However, if you plan to use Backup & Restore (BR), it is recommended that you use the same user for all BR and TiDB operations. If backups are stored on network file systems such as NFS, ensure that this user has consistent UID and GID values across all nodes, because NFS relies on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. +When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require the same user to exist on every node. However, pay attention to user consistency in the following scenarios: + +- Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB–related operations. +- Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS relies on underlying UID and GID values to determine file access permissions. 
If the UID or GID differs across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. From 0d7998825932320485915ddb7ad4a3dc614d5d7b Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 12:16:05 +0800 Subject: [PATCH 5/7] Update check-before-deployment.md --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index ba4d7407bae3a..996b6243b0f03 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -723,7 +723,7 @@ The steps to check and configure these parameters are as follows: This section describes how to manually configure SSH mutual trust from the control machine to the target nodes. If you use the TiUP deployment tool, SSH mutual trust and passwordless login are configured automatically. You can skip this section. -When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require the same user to exist on every node. However, pay attention to user consistency in the following scenarios: +When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require that you use the same user on every node. However, pay attention to user consistency in the following scenarios: - Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB–related operations. - Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS relies on underlying UID and GID values to determine file access permissions. If the UID or GID differs across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. From 0e18477b16ad91b21311e0185db8ddafd2797246 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 13:29:09 +0800 Subject: [PATCH 6/7] Update check-before-deployment.md --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 996b6243b0f03..4ca6d62fd0275 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -725,7 +725,7 @@ This section describes how to manually configure SSH mutual trust from the contr When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require that you use the same user on every node. However, pay attention to user consistency in the following scenarios: -- Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB–related operations. +- Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB-related operations. - Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS relies on underlying UID and GID values to determine file access permissions. If the UID or GID differs across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. From 68a5faeb33a9db916c762423ce3a4c53b62467b1 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 15:15:20 +0800 Subject: [PATCH 7/7] Apply suggestions from code review Co-authored-by: Aolin --- check-before-deployment.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 4ca6d62fd0275..3850557ecefb3 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -721,12 +721,12 @@ The steps to check and configure these parameters are as follows: ## Manually configure the SSH mutual trust and sudo without password -This section describes how to manually configure SSH mutual trust from the control machine to the target nodes. If you use the TiUP deployment tool, SSH mutual trust and passwordless login are configured automatically. You can skip this section. +This section describes how to manually configure SSH mutual trust from the control machine to the target nodes. If you use the TiUP deployment tool, SSH mutual trust and password-free login are configured automatically, and you can skip this section. -When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require that you use the same user on every node. However, pay attention to user consistency in the following scenarios: +When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require that you use the same user across all nodes. However, pay attention to user consistency in the following scenarios: -- Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB-related operations. -- Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS relies on underlying UID and GID values to determine file access permissions. If the UID or GID differs across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. +- Using Backup & Restore (BR): it is strongly recommended to perform all BR and TiDB-related operations with the same user. +- Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS determines file access permissions based on underlying UID and GID. 
If the UID or GID differs across nodes, or if the user running BR is different from the user running TiDB (especially without `sudo` privileges), permission denied errors might occur during backup or restore operations. 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password.
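Review bot: In PATCH 1/7, the new `useradd -m -d /home/tidb tidb` line does not set a UID or GID, although the paragraph added in the same hunk asks for consistent UID and GID values for the `tidb` user on all nodes when BR stores backups on NFS. Following the step as written leaves each host to pick its own next free ID, so consider showing an explicit UID and GID in the command, or adding a step that compares the output of `id tidb` across nodes. The same hunk also removes the `&& \` that chained `passwd tidb` to a successful `useradd`, so `passwd tidb` now runs even when user creation failed; keep the chaining or state that the two commands are run one after the other.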
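Review bot: In PATCH 4/7, the rewritten opening sentence of the section covers only SSH mutual trust, while the heading in the same hunk still reads "Manually configure the SSH mutual trust and sudo without password". The removed sentence mentioned both topics; the new one drops sudo without password entirely, so a reader can no longer tell from the introduction that the section also configures sudo. Either keep sudo in the opening sentence or change the heading to match the narrower scope.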
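Review bot: In PATCH 7/7, the final sentence of the NFS bullet combines two separate causes: a UID or GID that differs across nodes, which belongs to the NFS bullet, and BR running as a different user from TiDB, which belongs to the BR bullet above it. Move that sentence out of the list as a closing paragraph that covers both bullets, or split it so each bullet states its own failure condition. The rewording to "permission denied errors" also drops the quoted "Permission Denied" string that PATCH 1/7 through 6/7 kept, which is the text an operator would search for when a backup or restore fails.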