Bug 166154

Summary:	acls on GFS are still reported when mounted without '-o acl'
Product:	[Retired] Red Hat Cluster Suite	Reporter:	Corey Marthaler <cmarthal>
Component:	gfs	Assignee:	Ben Marzinski <bmarzins>
Status:	CLOSED NEXTRELEASE	QA Contact:	GFS Bugs <gfs-bugs>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	4
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2005-09-07 15:28:05 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Corey Marthaler 2005-08-17 15:39:41 UTC

Description of problem:
GFS still reports acls when the fs is not mounted with '-o acl', unlike other
filesystems like ext3 which do not.

Mount a filesystem with acl option
[root@smith-03 ~]# mount -t gfs -o acl  /dev/linear_1/linear_10 /mnt/vedder

As root touch foobar:
[root@smith-03 vedder]# touch foobar

Try to touch foobar as user testmonkey:
[root@smith-03 vedder]# su testmonkey
[testmonkey@smith-03 vedder]$ touch foobar
touch: cannot touch `foobar': Permission denied

Now as root, grant permission to testmonkey:
[root@smith-03 vedder]# setfacl -m user:testmonkey:7 foobar
[root@smith-03 vedder]# ls -l foobar
-rw-rwxr--+ 1 root root 0 Aug 17 10:13 foobar
[root@smith-03 vedder]# getfacl foobar
# file: foobar
# owner: root
# group: root
user::rw-
user:testmonkey:rwx
group::r--
mask::rwx
other::r--

Check that testmonkey can access foobar:
[root@smith-03 vedder]# su testmonkey
[testmonkey@smith-03 vedder]$ touch foobar

Now as root mount again w/o the acl option:
[root@smith-03 ~]# umount /mnt/vedder
[root@smith-03 ~]# mount -t gfs /dev/linear_1/linear_10 /mnt/vedder

The acls are still reported:
[root@smith-03 vedder]# ls -l foobar
-rw-rwxr--+ 1 root root 0 Aug 17 10:22 foobar
[testmonkey@smith-03 vedder]$ getfacl foobar
# file: foobar
# owner: root
# group: root
user::rw-
user:testmonkey:rwx
group::r--
mask::rwx
other::r--

But at least they are not granted:
[root@smith-03 vedder]# su testmonkey
[testmonkey@smith-03 vedder]$ touch foobar
touch: cannot touch `foobar': Permission denied


Version-Release number of selected component (if applicable):
GFS 2.6.9-39.0 (built Aug 16 2005 13:50:02) installed


How reproducible:
everytime

Comment 1 Corey Marthaler 2005-08-17 19:40:57 UTC

Here's what ext3 does:

[root@smith-03 ~]# mount -o acl /dev/gfs/gfs7 /mnt/gfs7
[root@smith-03 ~]# ls -l /mnt/gfs7
total 20
-rw-rwxr--+ 1 root root     0 Aug 17 12:59 foo
drwx------  2 root root 16384 Aug 17 12:55 lost+found
[root@smith-03 ~]# getfacl /mnt/gfs7/foo
getfacl: Removing leading '/' from absolute path names
# file: mnt/gfs7/foo
# owner: root
# group: root
user::rw-
user:testmonkey:rwx
group::r--
mask::rwx
other::r--

[root@smith-03 ~]# umount /mnt/gfs7
[root@smith-03 ~]# mount /dev/gfs/gfs7 /mnt/gfs7
[root@smith-03 ~]# ls -l /mnt/gfs7
total 20
-rw-rwxr--  1 root root     0 Aug 17 12:59 foo
drwx------  2 root root 16384 Aug 17 12:55 lost+found
[root@smith-03 ~]# getfacl /mnt/gfs7/foo
getfacl: Removing leading '/' from absolute path names
# file: mnt/gfs7/foo
# owner: root
# group: root
user::rw-
group::rwx
other::r--

Comment 2 Ben Marzinski 2005-08-29 22:43:55 UTC

GFS wasn't correctly checking whether you can acls enabled when you tried to
read the acl extended attributes.  This is now fixed.

Comment 3 Corey Marthaler 2005-09-07 15:28:05 UTC

fix verified in GFS 2.6.9-40.0 (built Aug 31 2005 14:04:50)