Restrict access to the mount base directory

The swift processes does not require write access to the mount base directory (which is usually /srv/node), thus the directory can be owned by root. This is more consistent with the current installation guide of Swift. Change-Id: I6da122c569e7a66a1933b7483fb8cf68a40dd94f
2022-10-20 11:08:56 +09:00 · 2022-10-20 11:08:56 +09:00 · 911919e5a5
parent b39a938a62
commit 911919e5a5
3 changed files with 6 additions and 6 deletions
--- a/manifests/storage/disk.pp
+++ b/manifests/storage/disk.pp
@ -75,8 +75,8 @@ define swift::storage::disk(
  if(!defined(File[$mnt_base_dir])) {
    file { $mnt_base_dir:
      ensure  => directory,
-      owner   => $::swift::params::user,
-      group   => $::swift::params::group,
+      owner   => 'root',
+      group   => 'root',
      require => Anchor['swift::config::begin'],
      before  => Anchor['swift::config::end'],
    }
--- a/manifests/storage/loopback.pp
+++ b/manifests/storage/loopback.pp
@ -52,8 +52,8 @@ define swift::storage::loopback(
  if(!defined(File[$mnt_base_dir])) {
    file { $mnt_base_dir:
      ensure  => directory,
-      owner   => $::swift::params::user,
-      group   => $::swift::params::group,
+      owner   => 'root',
+      group   => 'root',
      require => Anchor['swift::config::begin'],
      before  => Anchor['swift::config::end'],
    }
--- a/manifests/storage/xfs.pp
+++ b/manifests/storage/xfs.pp
@ -76,8 +76,8 @@ define swift::storage::xfs(
  if(!defined(File[$mnt_base_dir])) {
    file { $mnt_base_dir:
      ensure  => directory,
-      owner   => $::swift::params::user,
-      group   => $::swift::params::group,
+      owner   => 'root',
+      group   => 'root',
      require => Anchor['swift::config::begin'],
      before  => Anchor['swift::config::end'],
    }