debian/ceph-common.postinst: fix /var/log/ceph permissions

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/debian/ceph-common.postinst b/debian/ceph-common.postinst
index f6e0d7a04c225bf50e399d2d5bab16d546ffcfc0..6a14f1ec1aeb3b8f2e7e2744465418008b5e2a30 100644 (file)
--- a/debian/ceph-common.postinst
+++ b/debian/ceph-common.postinst
@@ -80,7 +80,9 @@ case "$1" in
        if ! dpkg-statoverride --list /var/log/ceph >/dev/null
        then
            chown -R $SERVER_USER:$SERVER_GROUP /var/log/ceph
-           chmod u=rwx,g=rxs,o= /var/log/ceph
+          # members of group ceph can log here, but cannot remove
+          # others' files.  non-members cannot read any logs.
+           chmod u=rwx,g=rwxs,o=t /var/log/ceph
        fi
 
     ;;