From: Karol Mroz
Date: Tue, 8 Mar 2016 08:54:03 +0000 (+0100)
Subject: rgw: instruct civetweb to drop permissions
X-Git-Tag: v10.1.0~157^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e3d8d65f16c9bef67281aff9e71d0daac20e9703;p=ceph.git
rgw: instruct civetweb to drop permissions
Get uid set in g_ceph_context and pass to civetweb where setuid()/setgid() will be invoked. This Allows for starting civetweb under privileged port numbers.
Fixes: #13600
Signed-off-by: Karol Mroz
---
diff --git a/src/rgw/rgw_civetweb_frontend.cc b/src/rgw/rgw_civetweb_frontend.cc
index e5c1b18d0cfa..557bb5b0f3e9 100644
--- a/src/rgw/rgw_civetweb_frontend.cc
+++ b/src/rgw/rgw_civetweb_frontend.cc
@@ -43,6 +43,14 @@ int RGWMongooseFrontend::run() {
 set_conf_default(conf_map, "num_threads", thread_pool_buf);
 set_conf_default(conf_map, "decode_url", "no");
+ // Set run_as_user. This will cause civetweb to invoke setuid() and setgid()
+ // based on pw_uid and pw_gid obtained from pw_name.
+ string uid_string = g_ceph_context->get_set_uid_string();
+ if (!uid_string.empty()) {
+ conf_map.erase("run_as_user");
+ conf_map["run_as_user"] = uid_string;
+ }
+
 const char *options[conf_map.size() * 2 + 1];
 int i = 0;
 for (map::iterator iter = conf_map.begin();
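Review bot: The privilege drop added in the `if (!uid_string.empty())` block is handed entirely to civetweb, and by the hunk's own comment it uses only setuid() and setgid() with the passwd entry's pw_gid. A separately configured group would therefore not be applied on this path, and it is worth confirming that the bundled civetweb also clears the supplementary groups inherited from root, since that code is not visible here. Nothing in the hunk verifies afterwards that the process actually left root, so run() (which starts and ends outside the hunk) should treat a failed civetweb start as fatal if it does not already. I would record the group caveat next to the setting, e.g. `// NOTE: gid comes from the user's passwd entry; a separately configured group is not applied by civetweb.` Separately, `conf_map.erase("run_as_user");` is redundant, because `conf_map["run_as_user"] = uid_string;` already overwrites any existing entry.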