debian: recursively adjust permissions of /var/lib/ceph/crash

A rather recent PR made ceph-crash run as "ceph" user instead of
root [0]. However, because /var/lib/ceph/crash/posted belongs to root,
ceph-crash cannot actually post any crash logs now.

This commit fixes this by recursively updating the permissions of
'/var/lib/ceph/crash', which ensures that all files and directories
used by 'ceph-crash.service' are actually owned by the user configured
for Ceph. This also accounts for existing installations.

Additionally, quote interpolated variables and use curly braces [1].

[0]: #48713
[1]: https://www.shellcheck.net/wiki/SC2086

Fixes: https://tracker.ceph.com/issues/64548
Signed-off-by: Max Carrara <m.carrara@proxmox.com>
(cherry picked from commit 97a1ec4b521f05f924ff51767b9bfda825f717e9)

diff --git a/debian/ceph-base.postinst b/debian/ceph-base.postinst
index 75eeb59c6246cd3dc72e6437b85af45870b25deb..04d2ccc172a605ab0b6a162fb55533ed3a76b208 100644 (file)
--- a/debian/ceph-base.postinst
+++ b/debian/ceph-base.postinst
@@ -35,11 +35,13 @@ case "$1" in
 
         # adjust file and directory permissions
        for DIR in /var/lib/ceph/* ; do
-           if ! dpkg-statoverride --list $DIR >/dev/null
+           if ! dpkg-statoverride --list "${DIR}" >/dev/null
            then
-               chown $SERVER_USER:$SERVER_GROUP $DIR
+               chown "${SERVER_USER}:${SERVER_GROUP}" "${DIR}"
            fi
        done
+
+       chown "${SERVER_USER}:${SERVER_GROUP}" -R /var/lib/ceph/crash/*;
     ;;
     abort-upgrade|abort-remove|abort-deconfigure)
        :