Back to bug 1022328

Who When What Removed Added
Shyamsundar 2013-10-23 05:02:35 UTC Blocks 1021857
Amar Tumballi 2013-11-20 09:34:56 UTC Keywords ZStream
Priority unspecified high
Status NEW ASSIGNED
CC amarts
Severity unspecified high
krishnan parthasarathi 2013-11-25 11:34:40 UTC CC kparthas
Assignee rhs-bugs srangana
Vivek Agarwal 2013-11-26 06:46:47 UTC Status ASSIGNED ON_QA
CC vagarwal
Fixed In Version glusterfs-3.4.0.44.1u2rhs
Sudhir D 2013-11-28 08:37:37 UTC QA Contact sdharane surs
Sachidananda Urs 2013-12-18 09:55:58 UTC Status ON_QA VERIFIED
John Skeoch 2013-12-19 00:14:28 UTC CC amarts vraman
Shyamsundar 2014-01-06 05:33:47 UTC Doc Text Cause:
Previously the aux group limit was 128, additionally auxilary group were not provided adequate access.

Consequence:

Fix:

Result:
Shyamsundar 2014-01-06 08:41:18 UTC Doc Text Cause:
Previously the aux group limit was 128, additionally auxilary group were not provided adequate access.

Consequence:

Fix:

Result:
Cause:
Previously the auxillary group limit was 128, So any group information for a FOP would limit the number of groups that the FOP was made on to limit to 128.

Consequence:
The result was that, if a user belonged to more than 128 groups then that information is lost, and some access due to group permissions for the user in question, that was represented in the range greater than 128, resulted in preventing access for that user for the FOP being performed.
Fix:
Now auxillary groups are processed upto 65536, hence increasing the number of groups that gluster client and server would look at to provide access for a user.
Result:
So if a user now has access to a file system object due to group permissions that are represented upto 65536 auxillary groups that the user is a part of, will not fail access checks.
Pavithra 2014-01-07 07:33:17 UTC CC psriniva, srangana
Doc Text Cause:
Previously the auxillary group limit was 128, So any group information for a FOP would limit the number of groups that the FOP was made on to limit to 128.

Consequence:
The result was that, if a user belonged to more than 128 groups then that information is lost, and some access due to group permissions for the user in question, that was represented in the range greater than 128, resulted in preventing access for that user for the FOP being performed.
Fix:
Now auxillary groups are processed upto 65536, hence increasing the number of groups that gluster client and server would look at to provide access for a user.
Result:
So if a user now has access to a file system object due to group permissions that are represented upto 65536 auxillary groups that the user is a part of, will not fail access checks.
Previously the auxiliary group limit was 128 and any group-permission-based file access operation was limited. If a user belonged to more than 128 groups then that information was lost and prevented access due to group permissions. With this update, file system object access failures do not occur due to group permissions up to 65536 auxiliary groups that the user is a part of.
Flags needinfo?(srangana)
Shyamsundar 2014-01-07 07:41:14 UTC Flags needinfo?(srangana)
Jay Turner 2014-01-15 11:29:54 UTC Target Milestone --- RHS 2.1.2
errata-xmlrpc 2014-02-25 05:27:49 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2014-02-25 07:43:28 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2014-02-25 02:43:28 UTC
Rejy M Cyriac 2015-05-13 16:32:40 UTC Target Release --- RHGS 2.1.2
Target Milestone RHS 2.1.2 ---

Back to bug 1022328