From: Sage Weil <sage@redhat.com>
Date: Mon, 8 Feb 2016 16:34:11 +0000 (-0500)
Subject: global/global_init: chown log, asok if drop privs is deferred
X-Git-Tag: v10.1.0~217^2~2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=676c489e196d05c22438c9392570e73355c4fdbc;p=ceph.git

global/global_init: chown log, asok if drop privs is deferred

If we are deferring the drop privileges, then we are still root
and need to explicitly chown the log file and admin socket.

Note that this is a fragile solution: if there are other files
that we create or open for write between now and when privs are
eventually dropped, we need to explicitly handle them, too.

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/global/global_init.cc b/src/global/global_init.cc
index 8ee555bb5917..596f0d2f4ca9 100644
--- a/src/global/global_init.cc
+++ b/src/global/global_init.cc
@@ -22,6 +22,7 @@
 #include "common/safe_io.h"
 #include "common/signal.h"
 #include "common/version.h"
+#include "common/admin_socket.h"
 #include "global/global_context.h"
 #include "global/global_init.h"
 #include "global/pidfile.h"
@@ -243,6 +244,16 @@ void global_init(std::vector < const char * > *alt_def_args,
 
   if (priv_ss.str().length()) {
     dout(0) << priv_ss.str() << dendl;
+
+    if (g_ceph_context->get_set_uid() || g_ceph_context->get_set_gid()) {
+      // fix ownership on log, asok files.  this is sadly a bit of a hack :(
+      g_ceph_context->_log->chown_log_file(
+	g_ceph_context->get_set_uid(),
+	g_ceph_context->get_set_gid());
+      g_ceph_context->get_admin_socket()->chown(
+	g_ceph_context->get_set_uid(),
+	g_ceph_context->get_set_gid());
+    }
   }
 
   // test leak checking