global: update HOME environment variable when dropping privileges

k8s/rook is currently starting daemon pods under root using the
"--setuser" CLI optional to drop priviledges. In the case of
rbd-mirror which creates connections to remote clusters via librados,
the default search path for Ceph config files includes
"$home/.ceph/$cluster.conf", which before this change would evaluate
to "/root/.ceph/..." and then fail with a -EPERM since that directory
is not accessible by the dropped priviledges user.

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
(cherry picked from commit 591fb2bf686be770fc07d7b02d54c4ccff81620f)

Conflicts:
	src/global/global_init.cc
- master has g_conf()-> where luminous does g_conf->

diff --git a/src/global/global_init.cc b/src/global/global_init.cc
index 126d3c59321d5bcafaabb16707ef9c7332f41ce9..4cdd79c66b42ff2b6f828116ffe15fe7eb88876e 100644 (file)
--- a/src/global/global_init.cc
+++ b/src/global/global_init.cc
@@ -184,21 +184,30 @@ global_init(std::vector < const char * > *alt_def_args,
     gid_t gid = 0;
     std::string uid_string;
     std::string gid_string;
+    std::string home_directory;
     if (g_conf->setuser.length()) {
+      char buf[4096];
+      struct passwd pa;
+      struct passwd *p = 0;
+
       uid = atoi(g_conf->setuser.c_str());
-      if (!uid) {
-       char buf[4096];
-       struct passwd pa;
-       struct passwd *p = 0;
+      if (uid) {
+        getpwuid_r(uid, &pa, buf, sizeof(buf), &p);
+      } else {
        getpwnam_r(g_conf->setuser.c_str(), &pa, buf, sizeof(buf), &p);
-       if (!p) {
+        if (!p) {
          cerr << "unable to look up user '" << g_conf->setuser << "'"
               << std::endl;
          exit(1);
        }
-       uid = p->pw_uid;
-       gid = p->pw_gid;
-       uid_string = g_conf->setuser;
+
+        uid = p->pw_uid;
+        gid = p->pw_gid;
+        uid_string = g_conf->setuser;
+      }
+
+      if (p && p->pw_dir != nullptr) {
+        home_directory = std::string(p->pw_dir);
       }
     }
     if (g_conf->setgroup.length() > 0) {
@@ -259,6 +268,10 @@ global_init(std::vector < const char * > *alt_def_args,
             << std::endl;
        exit(1);
       }
+      if (setenv("HOME", home_directory.c_str(), 1) != 0) {
+       cerr << "warning: unable to set HOME to " << home_directory << ": "
+             << cpp_strerror(errno) << std::endl;
+      }
       priv_ss << "set uid:gid to " << uid << ":" << gid << " (" << uid_string << ":" << gid_string << ")";
     } else {
       priv_ss << "deferred set uid:gid to " << uid << ":" << gid << " (" << uid_string << ":" << gid_string << ")";