Bug 1644394
| Summary: | Beast frontend fails to bind privileged ports with EACCES | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Casey Bodley <cbodley> |
| Component: | RGW | Assignee: | Casey Bodley <cbodley> |
| Status: | CLOSED ERRATA | QA Contact: | Vidushi Mishra <vimishra> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 3.2 | CC: | cbodley, ceph-eng-bugs, hnallurv, kbader, mbenjamin, sweil, tserlin, vakulkar |
| Target Milestone: | rc | ||
| Target Release: | 3.2 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | RHEL: ceph-12.2.8-24.el7cp Ubuntu: ceph_12.2.8-22redhat1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-01-03 19:02:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0020 |
Description of problem: When a privileged port number is given with rgw_frontends=beast, the frontend fails to bind with EACCES because radosgw has already dropped its permissions with setuid/setgid. Version-Release number of selected component (if applicable): RHCS 3.1 How reproducible: Always Steps to Reproduce: 1. Start radosgw with --rgw_frontends "beast port=80" Actual results: Radosgw fails to start with an error message: > 2018-10-30 07:28:35.451529 7fe6b7badfc0 0 starting handler: beast > 2018-10-30 07:28:35.452356 7fe6b7badfc0 -1 failed to bind address 10.8.128.74:443: Permission denied Expected results: Radosgw should defer its calls to setuid/setgid until the beast frontend is able to bind to these priveleged ports. Additional info: