Bug 1277886

Summary: FSAL_GLUSTER : if only DENY entry is set for a user/group, then it lost all its default permission
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Jiffin <jthottan>
Component: nfs-ganeshaAssignee: Bug Updates Notification Mailing List <rhs-bugs>
Status: CLOSED ERRATA QA Contact: Matt Zywusko <mzywusko>
Severity: high Docs Contact:
Priority: high    
Version: rhgs-3.1CC: akhakhar, asrivast, byarlaga, jthottan, kkeithle, mzywusko, ndevos, nlevinki, sankarshan, skoduri
Target Milestone: ---Keywords: ZStream
Target Release: RHGS 3.1.2   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: nfs-ganesha-2.2.0-11 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1277877 Environment:
Last Closed: 2016-03-01 05:51:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1277877    
Bug Blocks: 1260783    

Description Jiffin 2015-11-04 10:09:39 UTC 
+++ This bug was initially created as a clone of Bug #1277877 +++

Description of problem:
If only  one DENY entry is set for the user/group ,then all of the existing permission(by default it will permission of everyone) will be lost

Version-Release number of selected component (if applicable):
mainline

How reproducible:
always

Steps to Reproduce:
1.Export a gluster volume via ganesha with acls enabled
2.Mount the volume using nfsv4
3.create a file
4.Now set a DENY ENTRY for that file(no corresponding ALLOW ENTRY should exist) 

example
at the mount point

# touch file
# nfs4_getfacl file

A::OWNER@:rwatTcCy
A::GROUP@:rtcy
A::EVERYONE@:rtcy

nfs4_setfacl -a D::user_b@{$DOMAIN}:W file

Actual results:
nfs4_getfacl file

A::OWNER@:rwatTcCy
D::user_b@{$DOMAIN}:rwa
A::user_b@{$DOMAIN}:tcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy


Expected results:
nfs4_getfacl file

A::OWNER@:rwatTcCy
D::user_b@{$DOMAIN}:wa
A::user_b@{$DOMAIN}:rtcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy

Additional info:
Comment 2 Jiffin 2015-11-04 10:21:11 UTC 
The patch is sent for upstream for review  https://review.gerrithub.io/#/c/251342/
Comment 4 Saurabh 2015-11-23 09:52:56 UTC 
tested it on latest build, i.e.
nfs-ganesha-2.2.0-11.el7rhgs.x86_64

and result is as expected,
# nfs4_getfacl /mnt/acl-test/fil1
A::OWNER@:rwatTcCy
D::ric.blr.redhat.com:wa
A::ric.blr.redhat.com:rtcy
A::GROUP@:rwatcy
A::EVERYONE@:rwatcy
Comment 7 errata-xmlrpc 2016-03-01 05:51:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0193.html