From ac09c897abd1ffa1fd688bb094566a739828a738 Mon Sep 17 00:00:00 2001 From: judyjoseph <53951155+judyjoseph@users.noreply.github.com> Date: Wed, 10 Mar 2021 09:07:47 -0800 Subject: [PATCH] [sonic-cfggen]: Use unix socket when reading from DB only if we are using sudo. (#7002) Closes issue #6982. The issue was root caused as we were using the unix_socket for reading from DB as a default mechanism (#5250). The redis unix socket is created as follows. admin@str--acs-1:~$ ls -lrt /var/run/redis/redis.sock srwxrw---- 1 root redis 0 Mar 6 01:57 /var/run/redis/redis.sock So it used to work fine for the user "root" or if user is part of redis group ( admin was made part of redis group by default ) Check if the user is with sudo permissions then use the redis unix socket, else fallback to tcp socket. --- src/sonic-config-engine/sonic-cfggen | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/sonic-config-engine/sonic-cfggen b/src/sonic-config-engine/sonic-cfggen index b0a6295ad189..d895c0dde12c 100755 --- a/src/sonic-config-engine/sonic-cfggen +++ b/src/sonic-config-engine/sonic-cfggen @@ -350,10 +350,11 @@ def main(): deep_update(data, json.loads(args.additional_data)) if args.from_db: + use_unix_sock = True if os.getuid() == 0 else False if args.namespace is None: - configdb = ConfigDBPipeConnector(use_unix_socket_path=True, **db_kwargs) + configdb = ConfigDBPipeConnector(use_unix_socket_path=use_unix_sock, **db_kwargs) else: - configdb = ConfigDBPipeConnector(use_unix_socket_path=True, namespace=args.namespace, **db_kwargs) + configdb = ConfigDBPipeConnector(use_unix_socket_path=use_unix_sock, namespace=args.namespace, **db_kwargs) configdb.connect() deep_update(data, FormatConverter.db_to_output(configdb.get_config()))