From f411175debc1298b3efe11e5e0c5fd5f66c3483d Mon Sep 17 00:00:00 2001 From: Prankul <84079249+prankulmahajan@users.noreply.github.com> Date: Wed, 17 Jan 2024 16:42:28 +0530 Subject: [PATCH] Change permissions only in case of node server --- .../kubernetes/manifests/node-server.yaml | 2 ++ pkg/ibmcsidriver/server.go | 30 ++++++++++--------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/deploy/kubernetes/driver/kubernetes/manifests/node-server.yaml b/deploy/kubernetes/driver/kubernetes/manifests/node-server.yaml index 6cbbe7ac..c7fc0f81 100644 --- a/deploy/kubernetes/driver/kubernetes/manifests/node-server.yaml +++ b/deploy/kubernetes/driver/kubernetes/manifests/node-server.yaml @@ -94,6 +94,8 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName + - name: IS_NODE_SERVER + value: "true" resources: limits: cpu: 200m diff --git a/pkg/ibmcsidriver/server.go b/pkg/ibmcsidriver/server.go index f518b74f..c82db79c 100644 --- a/pkg/ibmcsidriver/server.go +++ b/pkg/ibmcsidriver/server.go @@ -124,21 +124,23 @@ func (s *nonBlockingGRPCServer) Setup(endpoint string, ids csi.IdentityServer, c return nil, errors.New(msg) } - // Change group of csi socket to non-root user for enabling the csi sidecar - err = os.Chown(addr, -1, 2121) - if err != nil { - msg := "unable to update owner of the csi socket" - s.logger.Error(msg, zap.Reflect("error:", err)) - return nil, errors.New(msg) - } + if os.Getenv("IS_NODE_SERVER") == "true" { + // Change group of csi socket to non-root user for enabling the csi sidecar + err = os.Chown(addr, -1, 2121) + if err != nil { + msg := "unable to update owner of the csi socket" + s.logger.Error(msg, zap.Reflect("error:", err)) + return nil, errors.New(msg) + } - // Modify permissions of csi socket - // Only the users and the group owners will have read/write access to csi socket - err = os.Chmod(addr, 0660) - if err != nil { - msg := "permissions not updated" - s.logger.Error(msg, zap.Reflect("error:", err)) - return nil, errors.New(msg) + // Modify permissions of csi socket + // Only the users and the group owners will have read/write access to csi socket + err = os.Chmod(addr, 0660) + if err != nil { + msg := "permissions not updated" + s.logger.Error(msg, zap.Reflect("error:", err)) + return nil, errors.New(msg) + } } server := grpc.NewServer(opts...)