Bug 764550 (GLUSTER-2818)

Summary: Permission problems with gluster NFS works with native FUSE
Product: [Community] GlusterFS Reporter: Harshavardhana <fharshav>
Component: nfsAssignee: Gaurav <ggangalw>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: 3.1.2CC: cww, gluster-bugs, saurabh, shehjart, vijay
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: RTP Mount Type: nfs
Documentation: DNR CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Harshavardhana 2011-04-19 22:12:48 UTC 
Procedure to reproduce as below. 

userA creates file 'test' in /mnt/gluster/
userA sets group ownership to groupA on /mnt/gluster/test
userA sets mode to 664 on /mnt/gluster/test
userA tries to edit /mnt/gluster/test and succeeds

root ensures that userB is in groupA
userB tries to edit /mnt/gluster/test and FAILS

http://gluster.org/pipermail/gluster-users/2011-April/007272.html
Comment 1 Shehjar Tikoo 2011-04-20 01:31:24 UTC 
Gaurav, its all yours. Let me know if you need help.
Comment 2 Vijay Bellur 2011-04-20 02:00:15 UTC 
(In reply to comment #1)
There are two issues mentioned in the thread. With editors like vim, when backup files are being created in the same directory, the backup creation fails. Please investigate that too as part of this bug.
Comment 3 Harshavardhana 2011-04-20 02:07:54 UTC 
RHEL 5.5 Native FUSE doesn't work. 

Fedora 14, Ubuntu 8.04 works with Native FUSE.
Comment 4 Gaurav 2011-04-20 05:31:45 UTC 
Its failing setattr call for users in the same group other than owner.

Problem is in access_control where we are just checking for Owner Access in case of setattr, so its not allowing others in the same group to do setattr, even after setting proper permissions by owner.
Comment 5 Anand Avati 2011-04-21 04:39:38 UTC 
PATCH: http://patches.gluster.com/patch/7000 in master (NFS : Check proper permissions in access control for setattr.)
Comment 6 Anand Avati 2011-04-21 04:40:04 UTC 
PATCH: http://patches.gluster.com/patch/7001 in release-3.1 (NFS : Check proper permissions in access control for setattr.)
Comment 7 Saurabh 2011-06-03 03:55:28 UTC 
For verfication used the build of 3.2.1qa2

for this test, I simulated the similar setup as mentioned for reproducing it and it worked.

created a group saurabh, added users srj and srj1 to it,

[srj@centos-qa-3 d3]$ grep saurabh /etc/group
saurabh:x:506:srj,srj1


10.1.12.134:/dist on /mnt/gluster type nfs (rw,nfsvers=3,nolock,addr=10.1.12.134)

[srj1@centos-qa-3 gluster]$ ls -l
total 88
-rw-r--r-- 1 root root        0 Jun  2 00:24 1
drwxr-xr-x 2 root root    12288 Jun  1 05:37 d1
drwxrwxrwx 2 srj  saurabh 12288 Jun  2 23:44 d3

[srj@centos-qa-3 gluster]$ cd d3
[srj@centos-qa-3 d3]$ ls
f.1  f.2  
[srj@centos-qa-3 d3]$ vim f.2
[srj@centos-qa-3 d3]$


now tried to edit the file f.2 with user srj1,


[srj@centos-qa-3 gluster]$ ls -li d3
total 92
13572394809226695843 -rw-rw-r-- 1 srj     srj   50 Jun  2 23:35 f.1
5947979786177860277 -rw-rw-r-- 1 srj     srj    0 Jun  2 06:16 f.2
[srj1@centos-qa-3 gluster]$ cd d3
[srj1@centos-qa-3 d3]$ sudo chmod 777 f.2
[srj1@centos-qa-3 d3]$ vim f.2
[srj1@centos-qa-3 d3]$ pwd
/mnt/gluster/d3