Use of NamedTemporaryFile creates rings with restricted permissions
Bug #1302700 reported by
James Page
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
Undecided
|
James Page | ||
swift (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Trusty |
Fix Released
|
High
|
Unassigned |
Bug Description
https:/
We use the root account to create rings, but swift-proxy runs as the swift user and as a result can't read the rings.
Related branches
Changed in swift: | |
assignee: | nobody → James Page (james-page) |
status: | New → In Progress |
Changed in swift (Ubuntu Trusty): | |
importance: | Undecided → High |
status: | New → Triaged |
tags: |
added: icehouse-backport-potential removed: icehouse-rc-potential |
Changed in swift: | |
status: | Fix Committed → Fix Released |
milestone: | none → 2.0.0 |
To post a comment you must log in.
Example:
root@armstrong: /etc/swift# ls -lrt
total 2088
-rw-r--r-- 1 root root 2473 Apr 4 07:44 swift.conf
-rw-r--r-- 1 root root 16147 Apr 4 07:44 proxy-server.conf
-rw-r--r-- 1 root root 417 Apr 4 07:54 container.builder
-rw-r--r-- 1 root root 417 Apr 4 07:54 object.builder
drwxr-xr-x 2 root root 4096 Apr 4 07:54 backups
-rw------- 1 root root 1725 Apr 4 07:54 account.ring.gz
-rw-r--r-- 1 root root 2099746 Apr 4 07:54 account.builder