Ceph has a postinst hook that sets the ownership of '/var/lib/ceph/*' to ceph:ceph (in our case), but misses out on '/var/lib/ceph/crash/posted'.
This patch therefore also updates the permissions of '/var/lib/ceph/*/*'. Signed-off-by: Max Carrara <m.carr...@proxmox.com> --- ...rmissions-of-subdirectories-of-var-l.patch | 42 +++++++++++++++++++ patches/series | 1 + 2 files changed, 43 insertions(+) create mode 100644 patches/0015-debian-adjust-permissions-of-subdirectories-of-var-l.patch diff --git a/patches/0015-debian-adjust-permissions-of-subdirectories-of-var-l.patch b/patches/0015-debian-adjust-permissions-of-subdirectories-of-var-l.patch new file mode 100644 index 000000000..951a2a6ed --- /dev/null +++ b/patches/0015-debian-adjust-permissions-of-subdirectories-of-var-l.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Max Carrara <m.carr...@proxmox.com> +Date: Thu, 11 Jan 2024 14:04:16 +0100 +Subject: [PATCH] debian: adjust permissions of subdirectories of /var/lib/ceph + +A rather recent PR made ceph-crash run as "ceph" user instead of +root [0]. However, because /var/lib/ceph/crash/posted belongs to root, +ceph-crash cannot actually post any crash logs now. + +This commit fixes this by also updating the permissions of +/var/lib/ceph/*/* - the subdirectories of the directories in +/var/lib/ceph. + +[0]: https://github.com/ceph/ceph/pull/48713 + +Signed-off-by: Max Carrara <m.carr...@proxmox.com> +--- + debian/ceph-base.postinst | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/debian/ceph-base.postinst b/debian/ceph-base.postinst +index 75eeb59c624..7ca0b9b6c43 100644 +--- a/debian/ceph-base.postinst ++++ b/debian/ceph-base.postinst +@@ -40,6 +40,14 @@ case "$1" in + chown $SERVER_USER:$SERVER_GROUP $DIR + fi + done ++ ++ # also adjust file and directory permissons for subdirectories ++ for SUBDIR in /var/lib/ceph/*/* ; do ++ if ! dpkg-statoverride --list $SUBDIR >/dev/null ++ then ++ chown $SERVER_USER:$SERVER_GROUP $SUBDIR ++ fi ++ done + ;; + abort-upgrade|abort-remove|abort-deconfigure) + : +-- +2.39.2 + diff --git a/patches/series b/patches/series index 865caf23d..cf8f1ea31 100644 --- a/patches/series +++ b/patches/series @@ -12,3 +12,4 @@ 0012-backport-mgr-dashboard-simplify-authentication-proto.patch 0013-mgr-dashboard-remove-ability-to-create-and-check-TLS.patch 0014-rocksb-inherit-parent-cmake-cxx-flags.patch +0015-debian-adjust-permissions-of-subdirectories-of-var-l.patch -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
