On Fri, Nov 15, 2013 at 3:09 PM, Hrvoje Ribicic <[email protected]> wrote: > When using gnt-cluster master-failover, on the soon-to-be-master the > luxi daemon is started by the node daemon. This makes the luxi > daemon inherit the node daemon's umask 077, making the communication > socket unreadable to group members. When using Ganeti with non-root > users, this causes problems, as reported in issue 477. > > To fix this, the socket permissions are set explicitly. > > Signed-off-by: Hrvoje Ribicic <[email protected]> > --- > src/Ganeti/Luxi.hs | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/src/Ganeti/Luxi.hs b/src/Ganeti/Luxi.hs > index ecad598..e454b07 100644 > --- a/src/Ganeti/Luxi.hs > +++ b/src/Ganeti/Luxi.hs > @@ -67,6 +67,8 @@ import Text.JSON.Types > import System.Directory (removeFile) > import System.IO (hClose, hFlush, hWaitForInput, Handle, IOMode(..)) > import System.IO.Error (isEOFError) > +import System.Posix.Files > +import System.Posix.Types (FileMode) > import System.Timeout > import qualified Network.Socket as S > > @@ -82,6 +84,12 @@ import Ganeti.THH > import Ganeti.Types > import Ganeti.Utils > > +-- * Constants > + > +-- | The permissions of the socket used to communicate. > +socketPermissions :: FileMode > +socketPermissions = 0o660
I suggest defining this in the constants file, where there's already a bunch of permissions values, such as jobQueueFilesPerms. > + > -- * Utility functions > > -- | Wrapper over System.Timeout.timeout that fails in the IO monad. > @@ -228,8 +236,9 @@ getServer :: Bool -> FilePath -> IO S.Socket > getServer setOwner path = do > s <- S.socket S.AF_UNIX S.Stream S.defaultProtocol > S.bindSocket s (S.SockAddrUnix path) > - when setOwner . setOwnerAndGroupFromNames path GanetiLuxid $ > - ExtraGroup DaemonsGroup > + when setOwner $ do > + setOwnerAndGroupFromNames path GanetiLuxid $ ExtraGroup DaemonsGroup > + setFileMode path socketPermissions > S.listen s 5 -- 5 is the max backlog > return s > > -- > 1.8.4.1 > Thanks, Michele
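Review bot: in the import hunk (@@ -67,6 +67,8 @@), "import System.Posix.Files" is unqualified and has no import list, unlike the neighbouring "System.Directory (removeFile)" and "System.Posix.Types (FileMode)" lines. Only setFileMode is used by this patch, so "import System.Posix.Files (setFileMode)" would keep the namespace tight and show at a glance which permission call the module depends on.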
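Review bot: in the getServer hunk, setFileMode is only reached inside the "when setOwner" block, so a caller passing False still gets a socket whose mode comes from the inherited umask. If the explicit mode is meant to hold for every listener, move "setFileMode path socketPermissions" out of the conditional; otherwise say in the function's comment that the mode is tied to the ownership change. The mode is also applied after S.bindSocket, so the socket briefly exists with the umask-derived mode. With the 077 umask from the commit message that window is on the stricter side, and S.listen only runs after the chmod, but a one-line comment that this ordering is intentional would help keep it that way.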
