Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

common/admin_socket: add config for admin socket permission bits #11684

Merged
merged 1 commit into from Apr 21, 2017

Conversation

runsisi
Copy link
Contributor

@runsisi runsisi commented Oct 29, 2016

this is to fix influxdata/telegraf#1657, so other tools, such as telegraf, running as non-root user can gather info from the ceph daemons.

Signed-off-by: runsisi runsisi@zte.com.cn

@runsisi
Copy link
Contributor Author

runsisi commented Nov 5, 2016

hi @liewegas , can you review this for me ?
thank you :)

@overskylab
Copy link

any update on this?


ret = strict_strtol(conf->admin_socket_mode.c_str(), 8, &err);
if (err.empty()) {
if (!(ret & (~07777))) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could use ALLPERMS or better off using ACCESSPERMS. for example, what is the use case of applying setuid?

void AdminSocket::chmod(mode_t mode)
{
if (m_sock_fd >= 0) {
int r = ::chmod(m_path.c_str(), mode);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since we have the fd, then let's fchmod instead

Copy link
Contributor Author

@runsisi runsisi Feb 13, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If fd refers to a socket, the behavior of fchmod() is unspecified[1].

[1] https://linux.die.net/man/3/fchmod

@liewegas liewegas changed the title admin-socket: add config for admin socket permission bits common/admin-socket: add config for admin socket permission bits Feb 10, 2017
@liewegas liewegas changed the title common/admin-socket: add config for admin socket permission bits common/admin_socket: add config for admin socket permission bits Feb 10, 2017
Signed-off-by: runsisi <runsisi@zte.com.cn>
@runsisi
Copy link
Contributor Author

runsisi commented Feb 13, 2017

@tchaikov @liewegas updated, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants