From b89d7521816990b3865fa025dc5408b63d118d8d Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Wed, 12 Aug 2015 16:50:31 -0400
Subject: [PATCH] global_init: ignore --set{user,group} if not root

Assume these options can only drop privileges; normal users can't setuid
root (and even if they could we wouldn't want to).

This makes ceph-disk behave when it sees the ceph user as 'root' and
invokes things with --setuser root but runs as a non-root user.

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/global/global_init.cc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/global/global_init.cc b/src/global/global_init.cc
index a073613fa67c..ce044078fbe8 100644
--- a/src/global/global_init.cc
+++ b/src/global/global_init.cc
@@ -133,6 +133,20 @@ void global_init(std::vector < const char * > *alt_def_args,
   if (g_conf->log_flush_on_exit)
     g_ceph_context->_log->set_flush_on_exit();
 
+  // consider --setuser root a no-op, even if we're not root
+  if (getuid() != 0) {
+    if (g_conf->setuser.length()) {
+      cerr << "ignoring --setuser " << g_conf->setuser << " since I am not root"
+	   << std::endl;
+      g_conf->set_val("setuser", "", false, false);
+    }
+    if (g_conf->setgroup.length()) {
+      cerr << "ignoring --setgroup " << g_conf->setgroup
+	   << " since I am not root" << std::endl;
+      g_conf->set_val("setgroup", "", false, false);
+    }
+  }
+
   // drop privileges?
   if (g_conf->setgroup.length() ||
       g_conf->setuser.length()) {
-- 
2.47.3