authordaveh86 <howsdav@gmail.com>2014-05-21 17:36:28 -0400
committerBenety Goh <benety@mongodb.com>2014-05-29 08:54:34 -0400
commit2de7dc34561667c1873f76f39300f9826c159c20 (patch)
treeebd7dda91292e38aedaa55004b3e4e2e41db7b6b /src/mongo
parent507a7d5e34d051ba3f30c3add50afa08b790f6d3 (diff)
SERVER-13022 added option to set permissions on UNIX domain socket file
Signed-off-by: Benety Goh <benety@mongodb.com>
Diffstat (limited to 'src/mongo')
-rw-r--r--src/mongo/db/server_options.h9
-rw-r--r--src/mongo/db/server_options_helpers.cpp10
-rw-r--r--src/mongo/util/net/listen.cpp2
3 files changed, 18 insertions, 3 deletions
diff --git a/src/mongo/db/server_options.h b/src/mongo/db/server_options.h
index a0f77e6152c..2bf6df23a35 100644
--- a/src/mongo/db/server_options.h
+++ b/src/mongo/db/server_options.h
@@ -33,14 +33,17 @@
namespace mongo {
+ const int DEFAULT_UNIX_PERMS = 0700;
+
struct ServerGlobalParams {
ServerGlobalParams() :
port(DefaultDBPort), rest(false), jsonp(false), indexBuildRetry(true), quiet(false),
configsvr(false), cpu(false), objcheck(true), defaultProfile(0),
slowMS(100), defaultLocalThresholdMillis(15), moveParanoia(true),
- noUnixSocket(false), doFork(0), socket("/tmp"), maxConns(DEFAULT_MAX_CONN),
- logAppend(false), logWithSyslog(false), isHttpInterfaceEnabled(false)
+ noUnixSocket(false), doFork(0), socket("/tmp"), maxConns(DEFAULT_MAX_CONN),
+ unixSocketPermissions(DEFAULT_UNIX_PERMS), logAppend(false), logWithSyslog(false),
+ isHttpInterfaceEnabled(false)
{
started = time(0);
}
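Review bot: `DEFAULT_UNIX_PERMS` carries no comment saying that it is an octal file mode, or that it replaces the literal `0777` previously passed to chmod() in listen.cpp, so the tightening of the default is easy to miss. I would add `// Default mode (octal) for the UNIX domain socket file: owner-only access.` above the constant. The upgrade notes should also say that local clients running under a different user than the server lose access to the socket unless `net.unixDomainSocket.filePermissions` is set. The struct continues outside this hunk.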
@@ -81,6 +84,8 @@ namespace mongo {
int maxConns; // Maximum number of simultaneous open connections.
+ int unixSocketPermissions; // permissions for the UNIX domain socket
+
std::string keyFile; // Path to keyfile, or empty if none.
std::string pidFile; // Path to pid file, or empty if none.
diff --git a/src/mongo/db/server_options_helpers.cpp b/src/mongo/db/server_options_helpers.cpp
index d8bd1f55633..67bff90a0bc 100644
--- a/src/mongo/db/server_options_helpers.cpp
+++ b/src/mongo/db/server_options_helpers.cpp
@@ -104,10 +104,13 @@ namespace {
Status addGeneralServerOptions(moe::OptionSection* options) {
StringBuilder portInfoBuilder;
StringBuilder maxConnInfoBuilder;
+ StringBuilder unixSockPermsBuilder;
portInfoBuilder << "specify port number - " << ServerGlobalParams::DefaultDBPort << " by default";
maxConnInfoBuilder << "max number of simultaneous connections - "
<< DEFAULT_MAX_CONN << " by default";
+ unixSockPermsBuilder << "permissions to set on UNIX domain socket file - "
+ << DEFAULT_UNIX_PERMS << " by default";
options->addOptionChaining("help", "help,h", moe::Switch, "show this usage information")
.setSources(moe::SourceAllLegacy);
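Review bot: The help text built in `unixSockPermsBuilder` will most likely print the default as `448`, because `DEFAULT_UNIX_PERMS` is the int `0700` and streaming an int into the builder normally formats it in decimal. An operator reading "448 by default" cannot tell which mode bits that means and may copy the number back in a different base. Write the mode into the literal instead, `unixSockPermsBuilder << "permissions to set on UNIX domain socket file - 0700 by default";`, or format the constant in octal before appending it. addGeneralServerOptions starts and ends outside this hunk.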
@@ -240,6 +243,9 @@ namespace {
options->addOptionChaining("net.unixDomainSocket.pathPrefix", "unixSocketPrefix",
moe::String, "alternative directory for UNIX domain sockets (defaults to /tmp)");
+ options->addOptionChaining("net.unixDomainSocket.filePermissions", "filePermissions",
+ moe::Int, unixSockPermsBuilder.str().c_str() );
+
options->addOptionChaining("processManagement.fork", "fork", moe::Switch,
"fork server process");
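Review bot: The option is registered as `moe::Int` and its help string does not say in which base the value is read, so `700` and `0700` can end up as different mode bits depending on how the command-line and config-file parsers treat a leading zero (not visible in this hunk). Decimal 700 is octal 1274, which is not the owner-only mode the operator meant. State the expected notation in the help text, for example `"permissions to set on UNIX domain socket file, as an octal mode such as 0700"`, and confirm both input paths parse it that way. The legacy name `filePermissions` also does not mention the socket, unlike `unixSocketPrefix` just above it.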
@@ -712,6 +718,10 @@ namespace {
if (params.count("net.unixDomainSocket.enabled")) {
serverGlobalParams.noUnixSocket = !params["net.unixDomainSocket.enabled"].as<bool>();
}
+ if (params.count("net.unixDomainSocket.filePermissions")) {
+ serverGlobalParams.unixSocketPermissions =
+ params["net.unixDomainSocket.filePermissions"].as<int>();
+ }
if ((params.count("processManagement.fork") &&
params["processManagement.fork"].as<bool>() == true) &&
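Review bot: The value read from `net.unixDomainSocket.filePermissions` is stored without a range check, so a negative number or one with bits above `0777` (setuid, setgid, sticky) reaches chmod() in listen.cpp unchanged. Reject such values before the assignment, e.g. `int perms = params["net.unixDomainSocket.filePermissions"].as<int>();` followed by `if (perms < 0 || perms > 0777) return Status(ErrorCodes::BadValue, "unix socket permissions must be between 0 and 0777");`. This assumes the enclosing function returns a Status as addGeneralServerOptions does; it starts and ends outside the hunk.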
diff --git a/src/mongo/util/net/listen.cpp b/src/mongo/util/net/listen.cpp
index b07b5424701..579b89b8f2c 100644
--- a/src/mongo/util/net/listen.cpp
+++ b/src/mongo/util/net/listen.cpp
@@ -176,7 +176,7 @@ namespace mongo {
#if !defined(_WIN32)
if (me.getType() == AF_UNIX) {
- if (chmod(me.getAddr().c_str(), 0777) == -1) {
+ if (chmod(me.getAddr().c_str(), serverGlobalParams.unixSocketPermissions) == -1) {
error() << "couldn't chmod socket file " << me << errnoWithDescription() << endl;
}
ListeningSockets::get()->addPath( me.getAddr() );
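Review bot: A failed chmod() is only logged here and the path is still registered with `ListeningSockets`, so the server keeps listening on a socket file that has whatever mode it was created with. That was tolerable while this call widened the mode to `0777`, but now that it is the call that restricts access, the `== -1` branch should fail closed: close and skip this socket, or abort startup. The file also keeps its creation-time mode until this chmod() runs (creation is outside the hunk), so a restrictive umask around the creation would close that window. The surrounding function starts and ends outside the hunk.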