global: add DEFER_DROP_PRIVILEGES flag

This will allow radosgw (or whoever) to drop privileges themselves
in their own special way based on cct->_set_{uid,gid}.

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/common/common_init.h b/src/common/common_init.h
index f48b349bf0011b4218614fce3b239090b6bbdcb7..529d6f7d32584cbef97d4fe83feae9abaa2799c2 100644 (file)
--- a/src/common/common_init.h
+++ b/src/common/common_init.h
@@ -37,6 +37,9 @@ enum common_init_flags_t {
 
   // don't do anything daemonish, like create /var/run/ceph, or print a banner
   CINIT_FLAG_NO_DAEMON_ACTIONS = 0x8,
+
+  // don't drop privileges
+  CINIT_FLAG_DEFER_DROP_PRIVILEGES = 0x16,
 };
 
 /*

diff --git a/src/global/global_init.cc b/src/global/global_init.cc
index e8c12f4f96079ee7dc6d3eaeea3b66b4c3b789bf..8ee555bb5917edc18807990eb73cf39538ac1a5d 100644 (file)
--- a/src/global/global_init.cc
+++ b/src/global/global_init.cc
@@ -203,19 +203,23 @@ void global_init(std::vector < const char * > *alt_def_args,
       }
     }
     g_ceph_context->set_uid_gid(uid, gid);
-    if (setgid(gid) != 0) {
-      int r = errno;
-      cerr << "unable to setgid " << gid << ": " << cpp_strerror(r)
-          << std::endl;
-      exit(1);
-    }
-    if (setuid(uid) != 0) {
-      int r = errno;
-      cerr << "unable to setuid " << uid << ": " << cpp_strerror(r)
-          << std::endl;
-      exit(1);
+    if ((flags & CINIT_FLAG_DEFER_DROP_PRIVILEGES) == 0) {
+      if (setgid(gid) != 0) {
+       int r = errno;
+       cerr << "unable to setgid " << gid << ": " << cpp_strerror(r)
+            << std::endl;
+       exit(1);
+      }
+      if (setuid(uid) != 0) {
+       int r = errno;
+       cerr << "unable to setuid " << uid << ": " << cpp_strerror(r)
+            << std::endl;
+       exit(1);
+      }
+      priv_ss << "set uid:gid to " << uid << ":" << gid;
+    } else {
+      priv_ss << "deferred set uid:gid to " << uid << ":" << gid;
     }
-    priv_ss << "set uid:gid to " << uid << ":" << gid;
   }
 
   // Expand metavariables. Invoke configuration observers. Open log file.