From 49685cdaefaf599bc02b732d214b7c926dad3d9b Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Tue, 1 Oct 2019 17:45:01 -0500
Subject: [PATCH] kv/RocksDBStore: tell rocksdb to set mode to 0600, not 0644

We don't want other users on the system to be able to read the rocksdb
database.

Fixes: https://tracker.ceph.com/issues/42114
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit d9a46f9f1e0b14e63ac0b8def7f7ae8a716a833a)
---
 src/kv/RocksDBStore.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/kv/RocksDBStore.cc b/src/kv/RocksDBStore.cc
index 39250bb919b26..8a1c9382abd1f 100644
--- a/src/kv/RocksDBStore.cc
+++ b/src/kv/RocksDBStore.cc
@@ -382,6 +382,8 @@ int RocksDBStore::load_rocksdb_options(bool create_if_missing, rocksdb::Options&
     opt.env = static_cast<rocksdb::Env*>(priv);
   }
 
+  opt.env->SetAllowNonOwnerAccess(false);
+
   // caches
   if (!set_cache_flag) {
     cache_size = g_conf()->rocksdb_cache_size;
-- 
2.39.5