Merge pull request #11684 from runsisi/wip-fix-asok-mode

common/admin_socket: add config for admin socket permission bits Reviewed-by: Kefu Chai <kchai@redhat.com>
2025-01-20 01:51:34 +00:00 · 2017-04-21 12:23:05 -05:00 · 2017-04-21 12:23:05 -05:00 · cf5152ff63
commit cf5152ff63
parent 97478a7497 d2259ba6c5
4 changed files with 34 additions and 0 deletions
--- a/src/common/admin_socket.cc
+++ b/src/common/admin_socket.cc
@ -299,6 +299,18 @@ void AdminSocket::chown(uid_t uid, gid_t gid)
  }
 }

+void AdminSocket::chmod(mode_t mode)
+{
+  if (m_sock_fd >= 0) {
+    int r = ::chmod(m_path.c_str(), mode);
+    if (r < 0) {
+      r = -errno;
+      lderr(m_cct) << "AdminSocket: failed to chmod socket: "
+                   << cpp_strerror(r) << dendl;
+    }
+  }
+}
+
 bool AdminSocket::do_accept()
 {
  struct sockaddr_un address;
--- a/src/common/admin_socket.h
+++ b/src/common/admin_socket.h
@ -78,6 +78,7 @@ public:
  bool init(const std::string &path);

  void chown(uid_t uid, gid_t gid);
+  void chmod(mode_t mode);

 private:
  AdminSocket(const AdminSocket& rhs);
--- a/src/common/common_init.cc
+++ b/src/common/common_init.cc
@ -24,6 +24,7 @@
 #include "common/safe_io.h"
 #include "common/valgrind.h"
 #include "common/version.h"
+#include "common/strtol.h"
 #include "include/color.h"

 #include <errno.h>
@ -132,4 +133,23 @@ void common_init_finish(CephContext *cct)
      (cct->get_set_uid() || cct->get_set_gid())) {
    cct->get_admin_socket()->chown(cct->get_set_uid(), cct->get_set_gid());
  }
+
+  md_config_t *conf = cct->_conf;
+
+  if (!conf->admin_socket.empty() && !conf->admin_socket_mode.empty()) {
+    int ret = 0;
+    std::string err;
+
+    ret = strict_strtol(conf->admin_socket_mode.c_str(), 8, &err);
+    if (err.empty()) {
+      if (!(ret & (~ACCESSPERMS))) {
+        cct->get_admin_socket()->chmod(static_cast<mode_t>(ret));
+      } else {
+        lderr(cct) << "Invalid octal permissions string: "
+            << conf->admin_socket_mode << dendl;
+      }
+    } else {
+      lderr(cct) << "Invalid octal string: " << err << dendl;
+    }
+  }
 }
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@ -27,6 +27,7 @@ OPTION(lockdep, OPT_BOOL, false)
 OPTION(lockdep_force_backtrace, OPT_BOOL, false) // always gather current backtrace at every lock
 OPTION(run_dir, OPT_STR, "/var/run/ceph")       // the "/var/run/ceph" dir, created on daemon startup
 OPTION(admin_socket, OPT_STR, "$run_dir/$cluster-$name.asok") // default changed by common_preinit()
+OPTION(admin_socket_mode, OPT_STR, "") // permission bits to set for admin socket file, e.g., "0775", "0755"
 OPTION(crushtool, OPT_STR, "crushtool") // crushtool utility path

 OPTION(daemonize, OPT_BOOL, false) // default changed by common_preinit()