Bug 1028465
Summary: | non-root user not allowed to rename the directory | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Saurabh <saujain> |
Component: | glusterd | Assignee: | krishnan parthasarathi <kparthas> |
Status: | CLOSED NOTABUG | QA Contact: | Sudhir D <sdharane> |
Severity: | urgent | Docs Contact: | |
Priority: | high | ||
Version: | 2.1 | CC: | grajaiya, mzywusko, nsathyan, saujain, spalai, spradhan, vagarwal, vbellur |
Target Milestone: | --- | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-13 11:57:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Saurabh
2013-11-08 14:10:23 UTC
It is happening even without in quota in consideration [root@rhslong03 nfs-test-dist-rep1]# mkdir dir6 [root@rhslong03 nfs-test-dist-rep1]# chwon qa1:qa dir6 bash: chwon: command not found [root@rhslong03 nfs-test-dist-rep1]# chown qa1:qa dir6 [root@rhslong03 nfs-test-dist-rep1]# ls -l dir6 total 0 [root@rhslong03 nfs-test-dist-rep1]# ls -ld dir6 drwxr-xr-x. 2 qa1 qa 36 Nov 8 2013 dir6 [root@rhslong03 nfs-test-dist-rep1]# [root@rhslong03 nfs-test-dist-rep1]# su qa1 [qa1@rhslong03 nfs-test-dist-rep1]$ mv dir6 dir6-rename as per discussion with developer, here are the observations, glusterfs-nfs mount-point permissions, [root@rhsauto005 ~]# ls -ld /mnt/nfs-test-213/ drwxr-xr-x. 14 root root 49152 Nov 12 03:45 /mnt/nfs-test-213/ kernel-nfs mount-point permissions, [root@rhsauto005 ~]# ls -ld /opt drwxrwxrwx. 6 root root 4096 Nov 12 06:27 /opt rename operations on kernel-nfs mount-point, directory in consideration is "dir" [qa1@rhsauto005 nfs-test-213]$ ls -l /opt total 16 drwxr-xr-x. 2 qa1 qa1 4096 Nov 12 06:26 dir drwxrwxrwx. 5 1000 1000 4096 May 25 2012 qa drwxr-xr-x. 2 test test 4096 Nov 8 08:38 qa1 drwxr-xr-x. 2 root root 4096 Jun 21 04:05 rh [qa1@rhsauto005 nfs-test-213]$ mv /opt/dir /opt/dir-rename [qa1@rhsauto005 nfs-test-213]$ ls -l /opt total 16 drwxr-xr-x. 2 qa1 qa1 4096 Nov 12 06:26 dir-rename drwxrwxrwx. 5 1000 1000 4096 May 25 2012 qa drwxr-xr-x. 2 test test 4096 Nov 8 08:38 qa1 drwxr-xr-x. 2 root root 4096 Jun 21 04:05 rh Couple of basic questions: 1. Does it happen only when Quota is enabled or without quota as well? 2. What is the behaviour with native/FUSE mount? i.e. Does the issue only seen in Gluster NFS? (In reply to Susant Kumar Palai from comment #4) > Currently the glusterfs root inode is getting the permission 755. Hence, > from as the non root user doesn't have write permission on the directory > created by root, it will not be able to rename this directory ( EPERM > ERROR) even though it is made owner of that directory, which is an obvious > behaviour . When the non-root user is made owner, it got the write permission (in user-group-other sequence), so rename() should not FAIL ideally. If the issue is consistent with FUSE, then mostly the problem is in DHT or so. By the way, what does log say? (In reply to santosh pradhan from comment #6) > Couple of basic questions: > > 1. Does it happen only when Quota is enabled or without quota as well? > > 2. What is the behaviour with native/FUSE mount? i.e. Does the issue only > seen in Gluster NFS? It happens even with quota disabled. And the the behaviour is same for native/FUSE mount as well. modifying my 1st comment as there was a typo. Currently the glusterfs root inode is getting the permission 755. Hence, as the non root user doesn't have write permission on parent of the directory which is root ('/'), it will not be able to rename this directory ( EPERM ERROR) even though it is made owner of that directory, which is an obvious behaviour . But it can do all the operations inside that directory. I checked with samba and the behaviour is same as glusterfs mount . The exception is kernel nfs, where its root inode is getting 777 permission and hence, the rename operation is feasible there (as any non root user will inherit the write permission). So as of now the above behaviour is a obvious one from Glusterfs point of view. Thanks to Santoch and Rajesh for providing there inputs. So, presently as per the trials we did for mount of different directories, it is found that kernel-nfs mount exports the same permissions as they are found for the "directory in consideration" on the server node. Whereas for Glusterfs volume mount, we still are doing a mount with permissions as 755. Also, for a subdirectory mount in a glusterfs volume also behaves the same as mentioned for kernel-nfs mount. mount command/protocol(NFS) just fetches the permissions set at the backend directory and modify the same for mount point at client end. Does not do anything more than that. :) Difference between Gluster NFS/FUSE and Kernel NFS: For Gluster, volume is not just a single directory but a set of directories distributed across the bunch of the machines (called as bricks). If the client wants a mount with 777 permission, there can be workaround(s): 1) all the directories in all the bricks has to be chmod'd to 777 and restart the Gluster daemons. :) OR 2) Create a subdir with 777 permission and mount it. Why volume gets exported with 755 permission: As its a distributed arch, the directory has to be created in all the brick m/cs, and mkdir() considers umask() while creating directory. Permission ll be set accordingly. Having said all these, This does not look like a DEFECT. Can we close it ? :) based on comment#10 and comment#11 closing this issue |