kv/RocksDBStore: tell rocksdb to set mode to 0600, not 0644

We don't want other users on the system to be able to read the rocksdb
database.

Fixes: https://tracker.ceph.com/issues/42114
Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/kv/RocksDBStore.cc b/src/kv/RocksDBStore.cc
index 65affe40b97189134cb444b0e6afdc1ee64be25e..0bb1446d61a38648ed332a4bbd5b6290fd073115 100644 (file)
--- a/src/kv/RocksDBStore.cc
+++ b/src/kv/RocksDBStore.cc
@@ -382,6 +382,8 @@ int RocksDBStore::load_rocksdb_options(bool create_if_missing, rocksdb::Options&
     opt.env = static_cast<rocksdb::Env*>(priv);
   }
 
+  opt.env->SetAllowNonOwnerAccess(false);
+
   // caches
   if (!set_cache_flag) {
     cache_size = g_conf()->rocksdb_cache_size;