From 7c96016876cb86943e4683f61ac1ab35ada8c6bf Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Tue, 18 Aug 2015 13:46:34 -0400
Subject: [PATCH] debian/ceph-common.postinst: fix /var/log/ceph permissions

Signed-off-by: Sage Weil <sage@redhat.com>
---
 debian/ceph-common.postinst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/ceph-common.postinst b/debian/ceph-common.postinst
index f6e0d7a04c225..6a14f1ec1aeb3 100644
--- a/debian/ceph-common.postinst
+++ b/debian/ceph-common.postinst
@@ -80,7 +80,9 @@ case "$1" in
        if ! dpkg-statoverride --list /var/log/ceph >/dev/null
        then
            chown -R $SERVER_USER:$SERVER_GROUP /var/log/ceph
-           chmod u=rwx,g=rxs,o= /var/log/ceph
+	   # members of group ceph can log here, but cannot remove
+	   # others' files.  non-members cannot read any logs.
+           chmod u=rwx,g=rwxs,o=t /var/log/ceph
        fi
 
     ;;
-- 
2.39.5