From 76327cd2941771e14fc19e4d31e2a59b9e3d426d Mon Sep 17 00:00:00 2001 From: houfaxin Date: Wed, 25 Feb 2026 17:25:53 +0800 Subject: [PATCH 1/7] Update check-before-deployment.md --- check-before-deployment.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 25ef229c367f0..2419bf9f9a9b1 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md @@ -722,10 +722,12 @@ The steps to check and configure these parameters are as follows: This section describes how to manually configure the SSH mutual trust and sudo without password. It is recommended to use TiUP for deployment, which automatically configure SSH mutual trust and login without password. If you deploy TiDB clusters using TiUP, ignore this section. +Before configuring SSH mutual trust, create the `tidb` user on all target machines. If SSH mutual trust is properly configured between cluster nodes, the system does not require the `tidb` user to have identical UID/GID values across nodes. However, if the cluster uses Backup & Restore (BR) and stores backups on a network file system such as NFS, it is strongly recommended to use the same user for both BR and TiDB, and to assign consistent UID and GID values to the `tidb` user on all nodes. Shared storage systems such as NFS rely on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if BR runs under a different user than TiDB (especially in environments without sudo privileges), backup or restore operations might fail with "Permission Denied" errors. + 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. ```bash - useradd tidb && \ + useradd -m -d /home/tidb tidb passwd tidb ``` From c744e19f3456db20e227fa63b02e60030ea088d0 Mon Sep 17 00:00:00 2001 
From: xixirangrang Date: Thu, 26 Feb 2026 12:12:33 +0800 Subject: [PATCH 2/7] Update check-before-deployment.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 2419bf9f9a9b1..b1b2694c32d3f 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -722,7 +722,7 @@ The steps to check and configure these parameters are as follows: This section describes how to manually configure the SSH mutual trust and sudo without password. It is recommended to use TiUP for deployment, which automatically configure SSH mutual trust and login without password. If you deploy TiDB clusters using TiUP, ignore this section. -Before configuring SSH mutual trust, create the `tidb` user on all target machines. If SSH mutual trust is properly configured between cluster nodes, the system does not require the `tidb` user to have identical UID/GID values across nodes. However, if the cluster uses Backup & Restore (BR) and stores backups on a network file system such as NFS, it is strongly recommended to use the same user for both BR and TiDB, and to assign consistent UID and GID values to the `tidb` user on all nodes. Shared storage systems such as NFS rely on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if BR runs under a different user than TiDB (especially in environments without sudo privileges), backup or restore operations might fail with "Permission Denied" errors. +Before you configure SSH mutual trust, create the `tidb` user on all target machines. For SSH mutual trust between cluster nodes, the `tidb` user does not need to have identical UID/GID values across nodes. However, if you use Backup & Restore (BR) to store backups on a network file system such as NFS, use the same user for both BR and TiDB and assign consistent UID and GID values to the `tidb` user on all nodes. This is because shared storage systems such as NFS rely on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if you run BR under a different user than TiDB (especially in environments without sudo privileges), your backup or restore operations might fail with "Permission Denied" errors. 1. 
Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. From 36be94251a76a86f1f0546011e37e246c8aacf63 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 10:12:53 +0800 Subject: [PATCH 3/7] Update check-before-deployment.md --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index b1b2694c32d3f..c20f7ae609be8 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -722,7 +722,7 @@ The steps to check and configure these parameters are as follows: This section describes how to manually configure the SSH mutual trust and sudo without password. It is recommended to use TiUP for deployment, which automatically configure SSH mutual trust and login without password. If you deploy TiDB clusters using TiUP, ignore this section. -Before you configure SSH mutual trust, create the `tidb` user on all target machines. For SSH mutual trust between cluster nodes, the `tidb` user does not need to have identical UID/GID values across nodes. However, if you use Backup & Restore (BR) to store backups on a network file system such as NFS, use the same user for both BR and TiDB and assign consistent UID and GID values to the `tidb` user on all nodes. This is because shared storage systems such as NFS rely on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if you run BR under a different user than TiDB (especially in environments without sudo privileges), your backup or restore operations might fail with "Permission Denied" errors. +When configuring SSH mutual trust, create and use the `tidb` user on all target machines. In general, TiDB does not require the same user to exist across all nodes. However, if you plan to use Backup & Restore (BR), it is recommended that you use the same user for all BR and TiDB operations. If backups are stored on network file systems such as NFS, ensure that this user has consistent UID and GID values across all nodes, because NFS relies on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. 
From 36e4ddc1fddf2aaad5e9791484c8a2cf3e52d50b Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 11:57:13 +0800 Subject: [PATCH 4/7] Apply suggestions from code review --- check-before-deployment.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index c20f7ae609be8..042c8719aac76 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -720,9 +720,12 @@ The steps to check and configure these parameters are as follows: ## Manually configure the SSH mutual trust and sudo without password -This section describes how to manually configure the SSH mutual trust and sudo without password. It is recommended to use TiUP for deployment, which automatically configure SSH mutual trust and login without password. If you deploy TiDB clusters using TiUP, ignore this section. +This section describes how to manually configure SSH mutual trust from the control machine to the target nodes. If you use the TiUP deployment tool, SSH mutual trust and passwordless login are configured automatically. You can skip this section. -When configuring SSH mutual trust, create and use the `tidb` user on all target machines. In general, TiDB does not require the same user to exist across all nodes. However, if you plan to use Backup & Restore (BR), it is recommended that you use the same user for all BR and TiDB operations. If backups are stored on network file systems such as NFS, ensure that this user has consistent UID and GID values across all nodes, because NFS relies on underlying UID/GID values to determine file permissions. If the UID/GID values differ across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. +When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require the same user to exist on every node. However, pay attention to user consistency in the following scenarios: + +- Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB–related operations. +- Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS relies on underlying UID and GID values to determine file access permissions. 
If the UID or GID differs across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. From 1a71f20c9b2f07dcd3dcae1b438989daff2abfbb Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 12:16:05 +0800 Subject: [PATCH 5/7] Update check-before-deployment.md --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 042c8719aac76..01dda3402831a 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -722,7 +722,7 @@ The steps to check and configure these parameters are as follows: This section describes how to manually configure SSH mutual trust from the control machine to the target nodes. If you use the TiUP deployment tool, SSH mutual trust and passwordless login are configured automatically. You can skip this section. -When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require the same user to exist on every node. However, pay attention to user consistency in the following scenarios: +When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require that you use the same user on every node. However, pay attention to user consistency in the following scenarios: - Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB–related operations. - Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS relies on underlying UID and GID values to determine file access permissions. If the UID or GID differs across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. From f84d1076b05dc359752ef2b67336d79fd1f73532 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 13:29:09 +0800 Subject: [PATCH 6/7] Update check-before-deployment.md --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 01dda3402831a..c7d90d258b00e 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -724,7 +724,7 @@ This section describes how to manually configure SSH mutual trust from the contr When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require that you use the same user on every node. However, pay attention to user consistency in the following scenarios: -- Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB–related operations. +- Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB-related operations. - Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS relies on underlying UID and GID values to determine file access permissions. If the UID or GID differs across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password. From 8485694a7546ab868803f147e199950fedd96b10 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 27 Feb 2026 15:15:20 +0800 Subject: [PATCH 7/7] Apply suggestions from code review Co-authored-by: Aolin --- check-before-deployment.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index c7d90d258b00e..5962aba0dded2 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md 
@@ -720,12 +720,12 @@ The steps to check and configure these parameters are as follows: ## Manually configure the SSH mutual trust and sudo without password -This section describes how to manually configure SSH mutual trust from the control machine to the target nodes. If you use the TiUP deployment tool, SSH mutual trust and passwordless login are configured automatically. You can skip this section. +This section describes how to manually configure SSH mutual trust from the control machine to the target nodes. If you use the TiUP deployment tool, SSH mutual trust and password-free login are configured automatically, and you can skip this section. -When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require that you use the same user on every node. However, pay attention to user consistency in the following scenarios: +When configuring SSH mutual trust, it is recommended to create and use the `tidb` user on all target nodes. In general, TiDB does not require that you use the same user across all nodes. However, pay attention to user consistency in the following scenarios: -- Using Backup & Restore (BR): it is strongly recommended that you use the same user to perform all BR and TiDB-related operations. -- Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS relies on underlying UID and GID values to determine file access permissions. If the UID or GID differs across nodes, or if BR runs under a different user than TiDB (especially in environments without `sudo` privileges), backup or restore operations might fail with "Permission Denied" errors. +- Using Backup & Restore (BR): it is strongly recommended to perform all BR and TiDB-related operations with the same user. +- Using network storage such as NFS: ensure that the user has the same UID and GID on all nodes. NFS determines file access permissions based on underlying UID and GID. 
If the UID or GID differs across nodes, or if the user running BR is different from the user running TiDB (especially without `sudo` privileges), permission denied errors might occur during backup or restore operations. 1. Log in to the target machine respectively using the `root` user account, create the `tidb` user and set the login password.
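Review bot: In PATCH 1/7, the replacement line `useradd -m -d /home/tidb tidb` drops the `&& \` that chained it to `passwd tidb`, so the password prompt now runs even when user creation fails. Restore the continuation, or present the two commands as separate steps. The paragraph added in the same hunk asks for consistent UID and GID values on all nodes when backups go to NFS, but the command leaves the IDs to whatever each host assigns next. Showing `useradd` with explicit `-u` and `-g` values would let readers who follow step 1 end up with the consistency the paragraph recommends.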
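Review bot: In PATCH 3/7, the new sentence "In general, TiDB does not require the same user to exist across all nodes" changes the claim rather than the wording. The line it replaces said only that the `tidb` user's UID/GID values need not be identical. The new sentence also reads at odds with the sentence just before it, which tells the reader to create and use the `tidb` user on all target machines. Suggest keeping the statement scoped to UID/GID values, or explaining in which deployments a different user per node is acceptable.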
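Review bot: In PATCH 4/7, the heading kept as context still reads "Manually configure the SSH mutual trust and sudo without password", but the rewritten opening sentence describes only SSH mutual trust from the control machine to the target nodes and no longer mentions sudo. Either keep passwordless sudo in the introduction or adjust the heading, so readers know the section still changes sudo privileges for the `tidb` user. The rewrite also drops the earlier "It is recommended to use TiUP for deployment"; if that recommendation still holds, keep it.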
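Review bot: In PATCH 7/7, the sentence beginning "If the UID or GID differs across nodes, or if the user running BR is different from the user running TiDB" sits inside the NFS bullet, yet its second condition belongs to the BR bullet above it. Move the sentence to its own paragraph after the list so it reads as the consequence of both scenarios. A reader who uses BR without NFS would otherwise skip it.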