devauth server creates auth.db with the wrong privileges
Bug #666957 reported by
John Dickinson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
Medium
|
clayg |
Bug Description
if one starts the auth server as root and auth.db does not exist, it will be created as root (before the privilege drop). This causes subsequent requests to fail (permissions don't allow non-owner to read/write).
Related branches
lp:~clay-gerrard/swift/run_daemon
- John Dickinson: Approve
- gholt (community): Approve
-
Diff: 1287 lines (+653/-224)26 files modifiedbin/swift-account-auditor (+4/-9)
bin/swift-account-reaper (+4/-9)
bin/swift-account-replicator (+4/-9)
bin/swift-account-server (+3/-6)
bin/swift-account-stats-logger (+7/-8)
bin/swift-auth-server (+3/-5)
bin/swift-container-auditor (+4/-9)
bin/swift-container-replicator (+4/-10)
bin/swift-container-server (+3/-5)
bin/swift-container-updater (+4/-9)
bin/swift-log-stats-collector (+7/-8)
bin/swift-log-uploader (+17/-7)
bin/swift-object-auditor (+4/-10)
bin/swift-object-replicator (+4/-10)
bin/swift-object-server (+3/-5)
bin/swift-object-updater (+4/-9)
bin/swift-proxy-server (+3/-5)
swift/common/daemon.py (+41/-15)
swift/common/db_replicator.py (+0/-4)
swift/common/utils.py (+102/-12)
swift/common/wsgi.py (+51/-37)
test/unit/__init__.py (+15/-0)
test/unit/common/test_daemon.py (+83/-4)
test/unit/common/test_utils.py (+175/-4)
test/unit/common/test_wsgi.py (+103/-1)
test/unit/stats/test_log_processor.py (+1/-14)
Changed in swift: | |
status: | New → In Progress |
Changed in swift: | |
status: | In Progress → Fix Committed |
Changed in swift: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is a more general problem with run_wsgi I think. I don't see a particular reason why it needs to create the app before dropping privileges.