RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-01-02 09:02:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

global_init: ignore --set{user,group} if not root

Browse Source 
Assume these options can only drop privileges; normal users can't setuid
root (and even if they could we wouldn't want to).

This makes ceph-disk behave when it sees the ceph user as 'root' and
invokes things with --setuser root but runs as a non-root user.

Signed-off-by: Sage Weil <sage@redhat.com>
This commit is contained in:
Sage Weil 2015-08-12 16:50:31 -04:00
parent aef00eb891
commit b89d752181
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/global/global_init.cc
View File

@ -133,6 +133,20 @@ void global_init(std::vector < const char * > *alt_def_args,
if (g_conf->log_flush_on_exit)
g_ceph_context->_log->set_flush_on_exit();
// consider --setuser root a no-op, even if we're not root
if (getuid() != 0) {
if (g_conf->setuser.length()) {
cerr << "ignoring --setuser " << g_conf->setuser << " since I am not root"
<< std::endl;
g_conf->set_val("setuser", "", false, false);
}
if (g_conf->setgroup.length()) {
cerr << "ignoring --setgroup " << g_conf->setgroup
<< " since I am not root" << std::endl;
g_conf->set_val("setgroup", "", false, false);
}
}
// drop privileges?
if (g_conf->setgroup.length() ||
g_conf->setuser.length()) {