Bug 1644394
Summary: | Beast frontend fails to bind privileged ports with EACCES | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Casey Bodley <cbodley> |
Component: | RGW | Assignee: | Casey Bodley <cbodley> |
Status: | CLOSED ERRATA | QA Contact: | Vidushi Mishra <vimishra> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 3.2 | CC: | cbodley, ceph-eng-bugs, hnallurv, kbader, mbenjamin, sweil, tserlin, vakulkar |
Target Milestone: | rc | ||
Target Release: | 3.2 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | RHEL: ceph-12.2.8-24.el7cp Ubuntu: ceph_12.2.8-22redhat1 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-01-03 19:02:13 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0020 |
Description of problem: When a privileged port number is given with rgw_frontends=beast, the frontend fails to bind with EACCES because radosgw has already dropped its permissions with setuid/setgid. Version-Release number of selected component (if applicable): RHCS 3.1 How reproducible: Always Steps to Reproduce: 1. Start radosgw with --rgw_frontends "beast port=80" Actual results: Radosgw fails to start with an error message: > 2018-10-30 07:28:35.451529 7fe6b7badfc0 0 starting handler: beast > 2018-10-30 07:28:35.452356 7fe6b7badfc0 -1 failed to bind address 10.8.128.74:443: Permission denied Expected results: Radosgw should defer its calls to setuid/setgid until the beast frontend is able to bind to these priveleged ports. Additional info: