From 452e52a7e39409e3409d59940133333416b830bc Mon Sep 17 00:00:00 2001
From: Christoph Glaubitz <c.glaubitz@syseleven.de>
Date: Thu, 31 Mar 2022 12:57:53 +0000
Subject: [PATCH] mgr/cephadm: support non-root ssh-user w permissions

Restructured code, so that in case of non-root, the resulting file will
be created with permissions set to the ssh-user. This allows the
subsequent scp to be able to write the file. The remaining code kept the
same, so that file permissions are restored to the expected ones, but
just runs after the scp.

Fixes: https://tracker.ceph.com/issues/54620
Signed-off-by: Christoph Glaubitz <c.glaubitz@syseleven.de>
---
 src/pybind/mgr/cephadm/ssh.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/pybind/mgr/cephadm/ssh.py b/src/pybind/mgr/cephadm/ssh.py
index 5363ac05887..56c5d771569 100644
--- a/src/pybind/mgr/cephadm/ssh.py
+++ b/src/pybind/mgr/cephadm/ssh.py
@@ -209,11 +209,7 @@ class SSHManager:
             await self._check_execute_command(host, ['mkdir', '-p', '/tmp' + dirname], addr=addr)
             tmp_path = '/tmp' + path + '.new'
             await self._check_execute_command(host, ['touch', tmp_path], addr=addr)
-            if uid is not None and gid is not None and mode is not None:
-                # shlex quote takes str or byte object, not int
-                await self._check_execute_command(host, ['chown', '-R', str(uid) + ':' + str(gid), tmp_path], addr=addr)
-                await self._check_execute_command(host, ['chmod', oct(mode)[2:], tmp_path], addr=addr)
-            elif self.mgr.ssh_user != 'root':
+            if self.mgr.ssh_user != 'root':
                 assert self.mgr.ssh_user
                 await self._check_execute_command(host, ['chown', '-R', self.mgr.ssh_user, tmp_path], addr=addr)
                 await self._check_execute_command(host, ['chmod', str(644), tmp_path], addr=addr)
@@ -223,6 +219,10 @@ class SSHManager:
                 f.flush()
                 conn = await self._remote_connection(host, addr)
                 await asyncssh.scp(f.name, (conn, tmp_path))
+            if uid is not None and gid is not None and mode is not None:
+                # shlex quote takes str or byte object, not int
+                await self._check_execute_command(host, ['chown', '-R', str(uid) + ':' + str(gid), tmp_path], addr=addr)
+                await self._check_execute_command(host, ['chmod', oct(mode)[2:], tmp_path], addr=addr)
             await self._check_execute_command(host, ['mv', tmp_path, path], addr=addr)
         except Exception as e:
             msg = f"Unable to write {host}:{path}: {e}"
-- 
2.39.5