Debug mode: like ``-f``, but also send all log output to stderr.
+.. option:: --setuser userorgid
+
+ Set uid after starting. If a username is specified, the user
+ record is looked up to get a uid and a gid, and the gid is also set
+ as well, unless --setgroup is also specified.
+
+.. option:: --setgroup grouporgid
+
+ Set gid after starting. If a group name is specified the group
+ record is looked up to get a gid.
+
.. option:: -c ceph.conf, --conf=ceph.conf
Use *ceph.conf* configuration file instead of the default
Debug mode: like ``-f``, but also send all log output to stderr.
+.. option:: --setuser userorgid
+
+ Set uid after starting. If a username is specified, the user
+ record is looked up to get a uid and a gid, and the gid is also set
+ as well, unless --setgroup is also specified.
+
+.. option:: --setgroup grouporgid
+
+ Set gid after starting. If a group name is specified the group
+ record is looked up to get a gid.
+
.. option:: -c ceph.conf, --conf=ceph.conf
Use *ceph.conf* configuration file instead of the default
Debug mode: like ``-f``, but also send all log output to stderr.
+.. option:: --setuser userorgid
+
+ Set uid after starting. If a username is specified, the user
+ record is looked up to get a uid and a gid, and the gid is also set
+ as well, unless --setgroup is also specified.
+
+.. option:: --setgroup grouporgid
+
+ Set gid after starting. If a group name is specified the group
+ record is looked up to get a gid.
+
.. option:: --osd-data osddata
Use object store at *osddata*.
--id/-i ID set ID portion of my name\n\
--name/-n TYPE.ID set name\n\
--cluster NAME set cluster name (default: ceph)\n\
+ --setuser USER set uid to user or uid (and gid to user's gid)\n\
+ --setgroup GROUP set gid to group or gid\n\
--version show version and quit\n\
" << std::endl;
OPTION(crushtool, OPT_STR, "crushtool") // crushtool utility path
OPTION(daemonize, OPT_BOOL, false) // default changed by common_preinit()
+OPTION(setuser, OPT_STR, "") // uid or user name
+OPTION(setgroup, OPT_STR, "") // gid or group name
OPTION(pid_file, OPT_STR, "") // default changed by common_preinit()
OPTION(chdir, OPT_STR, "/")
OPTION(max_open_files, OPT_LONGLONG, 0)
#include "include/compat.h"
#include "include/color.h"
+#include <pwd.h>
+#include <grp.h>
+
#include <errno.h>
#include <deque>
#ifdef WITH_LTTNG
if (g_conf->log_flush_on_exit)
g_ceph_context->_log->set_flush_on_exit();
+ // drop privileges?
+ if (g_conf->setgroup.length() ||
+ g_conf->setuser.length()) {
+ uid_t uid = 0; // zero means no change; we can only drop privs here.
+ gid_t gid = 0;
+ if (g_conf->setuser.length()) {
+ uid = atoi(g_conf->setuser.c_str());
+ if (!uid) {
+ char buf[4096];
+ struct passwd pa;
+ struct passwd *p = 0;
+ getpwnam_r(g_conf->setuser.c_str(), &pa, buf, sizeof(buf), &p);
+ if (!p) {
+ cerr << "unable to look up user '" << g_conf->setuser << "'"
+ << std::endl;
+ exit(1);
+ }
+ uid = p->pw_uid;
+ gid = p->pw_gid;
+ }
+ }
+ if (g_conf->setgroup.length() > 0) {
+ gid = atoi(g_conf->setgroup.c_str());
+ if (!gid) {
+ char buf[4096];
+ struct group gr;
+ struct group *g = 0;
+ getgrnam_r(g_conf->setgroup.c_str(), &gr, buf, sizeof(buf), &g);
+ if (!g) {
+ cerr << "unable to look up group '" << g_conf->setgroup << "'"
+ << std::endl;
+ exit(1);
+ }
+ gid = g->gr_gid;
+ }
+ }
+ if (setgid(gid) != 0) {
+ int r = errno;
+ cerr << "unable to setgid " << gid << ": " << cpp_strerror(r)
+ << std::endl;
+ exit(1);
+ }
+ if (setuid(uid) != 0) {
+ int r = errno;
+ cerr << "unable to setuid " << uid << ": " << cpp_strerror(r)
+ << std::endl;
+ exit(1);
+ }
+ dout(0) << "set uid:gid to " << uid << ":" << gid << dendl;
+ }
+
if (g_conf->run_dir.length() &&
code_env == CODE_ENVIRONMENT_DAEMON &&
!(flags & CINIT_FLAG_NO_DAEMON_ACTIONS)) {
int r = ::mkdir(g_conf->run_dir.c_str(), 0755);
if (r < 0 && errno != EEXIST) {
r = -errno;
- derr << "warning: unable to create " << g_conf->run_dir << ": " << cpp_strerror(r) << dendl;
+ cerr << "warning: unable to create " << g_conf->run_dir << ": " << cpp_strerror(r) << std::endl;
}
}
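Review bot: The privilege drop goes straight from the lookups to `setgid(gid)` and `setuid(uid)` without resetting the supplementary group list, so a daemon started as root would keep root's supplementary groups after `--setuser`. Call `setgroups(0, NULL)` before `setgid(gid)`, or `initgroups(p->pw_name, gid)` when the user was resolved by name, and fail with the same error-and-exit path used for `setgid`. Also, when `--setuser` is numeric and `--setgroup` is absent, `gid` stays 0 and the primary group is left unchanged; resolving the gid with `getpwuid_r` would close that gap. `atoi` silently accepts input such as `123abc` as uid 123 and cannot tell "0" from a parse failure, so `strtoul` with an end-pointer check is a stricter way to decide between a numeric id and a name. The enclosing function starts and ends outside this hunk.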
--id/-i ID set ID portion of my name
--name/-n TYPE.ID set name
--cluster NAME set cluster name (default: ceph)
+ --setuser USER set uid to user or uid (and gid to user's gid)
+ --setgroup GROUP set gid to group or gid
--version show version and quit
[1]