Commit 5f5aa745 authored by Hrvoje Ribicic

Fix socket permissions after master-failover



When using gnt-cluster master-failover, on the soon-to-be-master the
luxi daemon is started by the node daemon. This makes the luxi
daemon inherit the node daemon's umask 077, making the communication
socket unreadable to group members. When using Ganeti with non-root
users, this causes problems, as reported in issue 477.

To fix this, the socket permissions are set explicitly.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>
parent 2d8438bc
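
The umask inheritance described in the commit message, as an added example (not Ganeti code and not part of this commit): a Python sketch that binds one Unix socket under umask 077 and a second one with an explicit mode. The function names, socket file names and scratch directory are constructed for illustration; only the 0660 value comes from the patch.

```python
import os
import shutil
import socket
import stat
import tempfile

SOCKET_PERMS = 0o660  # same value the patch introduces as LUXI_SOCKET_PERMS


def bind_unix_socket(path, mode=None):
    """Bind a listening AF_UNIX socket; optionally set its file mode explicitly."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)  # the socket file is created here, filtered by the process umask
    if mode is not None:
        os.chmod(path, mode)  # explicit mode, independent of the inherited umask
    s.listen(5)
    return s


def socket_mode(path):
    """Return only the permission bits of the socket file."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo(parent_umask=0o077):
    """Return (inherited_mode, explicit_mode) for sockets bound under parent_umask."""
    workdir = tempfile.mkdtemp(prefix="luxi-demo-")  # constructed scratch directory
    old_umask = os.umask(parent_umask)  # stand-in for the umask inherited from the parent
    modes = []
    try:
        for name, mode in (("inherited.sock", None), ("explicit.sock", SOCKET_PERMS)):
            path = os.path.join(workdir, name)
            s = bind_unix_socket(path, mode)
            modes.append(socket_mode(path))
            s.close()
    finally:
        os.umask(old_umask)
        shutil.rmtree(workdir, ignore_errors=True)
    return tuple(modes)


if __name__ == "__main__":
    inherited, explicit = demo()
    print("inherited umask 077 -> %04o" % inherited)
    print("explicit chmod      -> %04o" % explicit)
```
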
......@@ -240,6 +240,7 @@ LUXI_VERSION = CONFIG_VERSION
LUXI_OVERRIDE = "FORCE_LUXI_SOCKET"
LUXI_OVERRIDE_MASTER = "master"
LUXI_OVERRIDE_QUERY = "query"
LUXI_SOCKET_PERMS = 0660
# one of "no", "yes", "only"
SYSLOG_USAGE = _autoconf.SYSLOG_USAGE
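Review bot: LUXI_SOCKET_PERMS is added without a comment and lands directly above the existing line `# one of "no", "yes", "only"`, which documents SYSLOG_USAGE, so the two unrelated settings now run together. Add a blank line after the new constant and a one-line comment stating that the mode grants read/write to owner and group and nothing to others. If this module is Python, as the `#` comment and `_autoconf.SYSLOG_USAGE` suggest, note also that the literal uses the legacy octal form 0660, which Python 3 rejects; 0o660 is accepted from Python 2.6 onward.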
......
......@@ -67,6 +67,7 @@ import Text.JSON.Types
import System.Directory (removeFile)
import System.IO (hClose, hFlush, hWaitForInput, Handle, IOMode(..))
import System.IO.Error (isEOFError)
import System.Posix.Files
import System.Timeout
import qualified Network.Socket as S
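Review bot: the new System.Posix.Files import is unqualified and has no import list, unlike the neighbouring System.Directory, System.IO and System.IO.Error imports, so the whole module comes into scope for the sake of one function. Restrict it to `import System.Posix.Files (setFileMode)`.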
......@@ -228,8 +229,9 @@ getServer :: Bool -> FilePath -> IO S.Socket
getServer setOwner path = do
s <- S.socket S.AF_UNIX S.Stream S.defaultProtocol
S.bindSocket s (S.SockAddrUnix path)
when setOwner . setOwnerAndGroupFromNames path GanetiLuxid $
ExtraGroup DaemonsGroup
when setOwner $ do
setOwnerAndGroupFromNames path GanetiLuxid $ ExtraGroup DaemonsGroup
setFileMode path $ fromIntegral luxiSocketPerms
S.listen s 5 -- 5 is the max backlog
return s
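Review bot: setFileMode sits inside the `when setOwner` block in getServer, so a caller passing False still gets a socket whose mode is decided by the inherited umask, which is the condition the commit message sets out to remove. If the socket should always end up with luxiSocketPerms, move the setFileMode call out of the `when`; if tying the mode to setOwner is intended, say so in a comment on getServer. Separately, the mode is only applied after bindSocket has already created the socket file: under umask 077 that window is the restrictive side, but under a looser inherited umask the socket is briefly more open than 0660, so consider also setting the umask around the bind.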
......