Fix permission errors for split users

Correctly set ownership and permissions for daemon log files, correct
the name of the luxid logfile and set the ownership of the query socket
correctly.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

diff --git a/lib/constants.py b/lib/constants.py
index 37baba2..0beb4d3 100644 (file)
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -192,7 +192,7 @@ LAST_DRBD_PORT = 14999
 DAEMONS_LOGBASE = {
   NODED: "node-daemon",
   CONFD: "conf-daemon",
-  LUXID: "query-daemon",
+  LUXID: "luxi-daemon",
   RAPI: "rapi-daemon",
   MASTERD: "master-daemon",
   MOND: "monitoring-daemon",

diff --git a/lib/runtime.py b/lib/runtime.py
index c06c493..bb586f1 100644 (file)
--- a/lib/runtime.py
+++ b/lib/runtime.py
@@ -104,6 +104,9 @@ class GetentResolver:
     self.noded_uid = GetUid(constants.NODED_USER, _getpwnam)
     self.noded_gid = GetGid(constants.NODED_GROUP, _getgrnam)
 
+    self.mond_uid = GetUid(constants.MOND_USER, _getpwnam)
+    self.mond_gid = GetGid(constants.MOND_GROUP, _getgrnam)
+
     # Misc Ganeti groups
     self.daemons_gid = GetGid(constants.DAEMONS_GROUP, _getgrnam)
     self.admin_gid = GetGid(constants.ADMIN_GROUP, _getgrnam)
@@ -114,6 +117,7 @@ class GetentResolver:
       self.luxid_uid: constants.LUXID_USER,
       self.rapi_uid: constants.RAPI_USER,
       self.noded_uid: constants.NODED_USER,
+      self.mond_uid: constants.MOND_USER,
       }
 
     self._gid2group = {
@@ -122,6 +126,7 @@ class GetentResolver:
       self.luxid_gid: constants.LUXID_GROUP,
       self.rapi_gid: constants.RAPI_GROUP,
       self.noded_gid: constants.NODED_GROUP,
+      self.mond_gid: constants.MOND_GROUP,
       self.daemons_gid: constants.DAEMONS_GROUP,
       self.admin_gid: constants.ADMIN_GROUP,
       }

diff --git a/lib/tools/ensure_dirs.py b/lib/tools/ensure_dirs.py
index f0a4425..c173f43 100644 (file)
--- a/lib/tools/ensure_dirs.py
+++ b/lib/tools/ensure_dirs.py
@@ -122,7 +122,9 @@ def GetPaths():
   masterd_log = constants.DAEMONS_LOGFILES[constants.MASTERD]
   noded_log = constants.DAEMONS_LOGFILES[constants.NODED]
   confd_log = constants.DAEMONS_LOGFILES[constants.CONFD]
+  luxid_log = constants.DAEMONS_LOGFILES[constants.LUXID]
   rapi_log = constants.DAEMONS_LOGFILES[constants.RAPI]
+  mond_log = constants.DAEMONS_LOGFILES[constants.MOND]
 
   rapi_dir = os.path.join(pathutils.DATA_DIR, "rapi")
   cleaner_log_dir = os.path.join(pathutils.LOG_DIR, "cleaner")
@@ -194,8 +196,10 @@ def GetPaths():
     (pathutils.LOG_DIR, DIR, 0770, getent.masterd_uid, getent.daemons_gid),
     (masterd_log, FILE, 0600, getent.masterd_uid, getent.masterd_gid, False),
     (confd_log, FILE, 0600, getent.confd_uid, getent.masterd_gid, False),
+    (luxid_log, FILE, 0600, getent.luxid_uid, getent.masterd_gid, False),
     (noded_log, FILE, 0600, getent.noded_uid, getent.masterd_gid, False),
     (rapi_log, FILE, 0600, getent.rapi_uid, getent.masterd_gid, False),
+    (mond_log, FILE, 0600, getent.mond_uid, getent.masterd_gid, False),
     (pathutils.LOG_OS_DIR, DIR, 0750, getent.noded_uid, getent.daemons_gid),
     (pathutils.LOG_XEN_DIR, DIR, 0750, getent.noded_uid, getent.daemons_gid),
     (cleaner_log_dir, DIR, 0750, getent.noded_uid, getent.noded_gid),

diff --git a/src/Ganeti/Luxi.hs b/src/Ganeti/Luxi.hs
index b0c8b8f..ecad598 100644 (file)
--- a/src/Ganeti/Luxi.hs
+++ b/src/Ganeti/Luxi.hs
@@ -228,7 +228,7 @@ getServer :: Bool -> FilePath -> IO S.Socket
 getServer setOwner path = do
   s <- S.socket S.AF_UNIX S.Stream S.defaultProtocol
   S.bindSocket s (S.SockAddrUnix path)
-  when setOwner . setOwnerAndGroupFromNames path GanetiConfd $
+  when setOwner . setOwnerAndGroupFromNames path GanetiLuxid $
     ExtraGroup DaemonsGroup
   S.listen s 5 -- 5 is the max backlog
   return s