Commit d08a8359 authored by Thomas Thrainer's avatar Thomas Thrainer

Fix permission errors for split users

Correctly set ownership and permissions for daemon log files, correct
the name of the luxid logfile and set the ownership of the query socket
correctly.
Signed-off-by: default avatarThomas Thrainer <thomasth@google.com>
Reviewed-by: default avatarMichele Tartara <mtartara@google.com>
parent 9b5a7ce9
......@@ -192,7 +192,7 @@ LAST_DRBD_PORT = 14999
DAEMONS_LOGBASE = {
NODED: "node-daemon",
CONFD: "conf-daemon",
LUXID: "query-daemon",
LUXID: "luxi-daemon",
RAPI: "rapi-daemon",
MASTERD: "master-daemon",
MOND: "monitoring-daemon",
......
......@@ -104,6 +104,9 @@ class GetentResolver:
self.noded_uid = GetUid(constants.NODED_USER, _getpwnam)
self.noded_gid = GetGid(constants.NODED_GROUP, _getgrnam)
self.mond_uid = GetUid(constants.MOND_USER, _getpwnam)
self.mond_gid = GetGid(constants.MOND_GROUP, _getgrnam)
# Misc Ganeti groups
self.daemons_gid = GetGid(constants.DAEMONS_GROUP, _getgrnam)
self.admin_gid = GetGid(constants.ADMIN_GROUP, _getgrnam)
......@@ -114,6 +117,7 @@ class GetentResolver:
self.luxid_uid: constants.LUXID_USER,
self.rapi_uid: constants.RAPI_USER,
self.noded_uid: constants.NODED_USER,
self.mond_uid: constants.MOND_USER,
}
self._gid2group = {
......@@ -122,6 +126,7 @@ class GetentResolver:
self.luxid_gid: constants.LUXID_GROUP,
self.rapi_gid: constants.RAPI_GROUP,
self.noded_gid: constants.NODED_GROUP,
self.mond_gid: constants.MOND_GROUP,
self.daemons_gid: constants.DAEMONS_GROUP,
self.admin_gid: constants.ADMIN_GROUP,
}
......
......@@ -122,7 +122,9 @@ def GetPaths():
masterd_log = constants.DAEMONS_LOGFILES[constants.MASTERD]
noded_log = constants.DAEMONS_LOGFILES[constants.NODED]
confd_log = constants.DAEMONS_LOGFILES[constants.CONFD]
luxid_log = constants.DAEMONS_LOGFILES[constants.LUXID]
rapi_log = constants.DAEMONS_LOGFILES[constants.RAPI]
mond_log = constants.DAEMONS_LOGFILES[constants.MOND]
rapi_dir = os.path.join(pathutils.DATA_DIR, "rapi")
cleaner_log_dir = os.path.join(pathutils.LOG_DIR, "cleaner")
......@@ -194,8 +196,10 @@ def GetPaths():
(pathutils.LOG_DIR, DIR, 0770, getent.masterd_uid, getent.daemons_gid),
(masterd_log, FILE, 0600, getent.masterd_uid, getent.masterd_gid, False),
(confd_log, FILE, 0600, getent.confd_uid, getent.masterd_gid, False),
(luxid_log, FILE, 0600, getent.luxid_uid, getent.masterd_gid, False),
(noded_log, FILE, 0600, getent.noded_uid, getent.masterd_gid, False),
(rapi_log, FILE, 0600, getent.rapi_uid, getent.masterd_gid, False),
(mond_log, FILE, 0600, getent.mond_uid, getent.masterd_gid, False),
(pathutils.LOG_OS_DIR, DIR, 0750, getent.noded_uid, getent.daemons_gid),
(pathutils.LOG_XEN_DIR, DIR, 0750, getent.noded_uid, getent.daemons_gid),
(cleaner_log_dir, DIR, 0750, getent.noded_uid, getent.noded_gid),
......
......@@ -228,7 +228,7 @@ getServer :: Bool -> FilePath -> IO S.Socket
getServer setOwner path = do
s <- S.socket S.AF_UNIX S.Stream S.defaultProtocol
S.bindSocket s (S.SockAddrUnix path)
when setOwner . setOwnerAndGroupFromNames path GanetiConfd $
when setOwner . setOwnerAndGroupFromNames path GanetiLuxid $
ExtraGroup DaemonsGroup
S.listen s 5 -- 5 is the max backlog
return s
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment