From: Sage Weil <sage@redhat.com>
Date: Tue, 1 Oct 2019 22:45:01 +0000 (-0500)
Subject: kv/RocksDBStore: tell rocksdb to set mode to 0600, not 0644
X-Git-Tag: v14.2.5~155^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=49685cdaefaf599bc02b732d214b7c926dad3d9b;p=ceph.git

kv/RocksDBStore: tell rocksdb to set mode to 0600, not 0644

We don't want other users on the system to be able to read the rocksdb
database.

Fixes: https://tracker.ceph.com/issues/42114
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit d9a46f9f1e0b14e63ac0b8def7f7ae8a716a833a)
---

diff --git a/src/kv/RocksDBStore.cc b/src/kv/RocksDBStore.cc
index 39250bb919b2..8a1c9382abd1 100644
--- a/src/kv/RocksDBStore.cc
+++ b/src/kv/RocksDBStore.cc
@@ -382,6 +382,8 @@ int RocksDBStore::load_rocksdb_options(bool create_if_missing, rocksdb::Options&
     opt.env = static_cast<rocksdb::Env*>(priv);
   }
 
+  opt.env->SetAllowNonOwnerAccess(false);
+
   // caches
   if (!set_cache_flag) {
     cache_size = g_conf()->rocksdb_cache_size;