global/global_init: chown log, asok if drop privs is deferred

If we are deferring the drop privileges, then we are still root
and need to explicitly chown the log file and admin socket.

Note that this is a fragile solution: if there are other files
that we create or open for write between now and when privs are
eventually dropped, we need to explicitly handle them, too.

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/global/global_init.cc b/src/global/global_init.cc
index 8ee555bb5917edc18807990eb73cf39538ac1a5d..596f0d2f4ca9a151e87f9c87a986286995ee85f3 100644 (file)
--- a/src/global/global_init.cc
+++ b/src/global/global_init.cc
@@ -22,6 +22,7 @@
 #include "common/safe_io.h"
 #include "common/signal.h"
 #include "common/version.h"
+#include "common/admin_socket.h"
 #include "global/global_context.h"
 #include "global/global_init.h"
 #include "global/pidfile.h"
@@ -243,6 +244,16 @@ void global_init(std::vector < const char * > *alt_def_args,
 
   if (priv_ss.str().length()) {
     dout(0) << priv_ss.str() << dendl;
+
+    if (g_ceph_context->get_set_uid() || g_ceph_context->get_set_gid()) {
+      // fix ownership on log, asok files.  this is sadly a bit of a hack :(
+      g_ceph_context->_log->chown_log_file(
+       g_ceph_context->get_set_uid(),
+       g_ceph_context->get_set_gid());
+      g_ceph_context->get_admin_socket()->chown(
+       g_ceph_context->get_set_uid(),
+       g_ceph_context->get_set_gid());
+    }
   }
 
   // test leak checking