From d4cf19049349678065195659bb287b899f92a686 Mon Sep 17 00:00:00 2001
From: Owen Synge <osynge@suse.com>
Date: Wed, 2 Mar 2016 12:15:48 +0100
Subject: [PATCH] keyring permissions for mon daemon

The command:

sudo ceph-mon --cluster ceph --mkfs -i $NODE_NAME --keyring $PATH_MON_KEYRING

Writes a new keyring with permissions set to "0644".

Fixes: #14950
Signed-off-by: Owen Synge osynge@suse.com
(cherry picked from commit c2f91a8ce46974a72b960b7cb25af3d089fbb80d)
---
 src/mon/Monitor.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index d62d7cf1e1cc4..53d3bcdeb94bf 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -4546,7 +4546,7 @@ int Monitor::write_default_keyring(bufferlist& bl)
   os << g_conf->mon_data << "/keyring";
 
   int err = 0;
-  int fd = ::open(os.str().c_str(), O_WRONLY|O_CREAT, 0644);
+  int fd = ::open(os.str().c_str(), O_WRONLY|O_CREAT, 0600);
   if (fd < 0) {
     err = -errno;
     dout(0) << __func__ << " failed to open " << os.str() 
-- 
2.39.5