Bug 764876 (GLUSTER-3144)

Summary: permissions given in fuse mount don't have effect in nfs mount
Product: [Community] GlusterFS Reporter: M S Vishwanath Bhat <vbhat>
Component: access-controlAssignee: shishir gowda <sgowda>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: pre-releaseCC: anush, gluster-bugs, mzywusko, nsathyan
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: RTNR Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description M S Vishwanath Bhat 2011-07-08 11:11:02 UTC 
I Created a file with 'root' as owner and group. And removed the permissions for group and others.

debian-server1:/ment# getfacl x
# file: x
# owner: root
# group: root
user::rwx
group::---
other::---

Now I cd into a nfs mount with other login 'acl' This user is able to read and write even though he doesn't have any permissions on it.

debian-server1:/mont$ whoami
acl
debian-server1:/mont$ cat x
Line 1
Line 2
Line3 form nfs acl
Comment 1 Anush Shetty 2011-07-10 04:12:04 UTC 
This issue was seen on a distribute setup. I tried this on a plain distribute setup with a single export and found this. Didn't happen on a 2-replica setup.


As root:
[root@ip-10-87-33-221 ~]# rm -rf /gluster2/dot; touch /gluster2/dot
[root@ip-10-87-33-221 ~]# setfacl -m u:anush:rwx /gluster2/dot


As user:
On NFS Mount:

[anush@ip-10-87-33-221 tmp]$ echo '232323' > /nfs2/dot 
bash: /nfs2/dot: Permission denied

On BACKEND,
[anush@ip-10-87-33-221 tmp]$ echo '232323' > /mnt/export7/dot 

On FUSE mount
[anush@ip-10-87-33-221 tmp]$ echo '232323' > /gluster2/dot 
[anush@ip-10-87-33-221 tmp]$
Comment 2 shishir gowda 2011-07-11 04:10:27 UTC 
Works with the latest fixes that went in for bug 764789

root@shishirng-laptop:/mnt/gluster/fuse# getfacl file
# file: file
# owner: root
# group: root
user::rwx
group::---
other::---

acl@shishirng-laptop:/mnt/glusterfs/fuse$ cat file
cat: file: Permission denied
acl@shishirng-laptop:/mnt/glusterfs/fuse$ echo "gluster" >file
bash: file: Permission denied

*** This bug has been marked as a duplicate of bug 3057 ***
Comment 3 M S Vishwanath Bhat 2011-07-11 07:54:05 UTC 
This happened in 2.6.26 kernel version and when mounted with 'sec=sys' this issue doesn't happen. The issue happens only when 'sec=null' as mount options while mounting nfs.
Comment 4 Anand Avati 2011-07-11 08:32:07 UTC 
PATCH: http://patches.gluster.com/patch/7819 in release-3.2 (nfsrpc: Re-order NFS auth array contents)
Comment 5 Anand Avati 2011-07-12 06:24:47 UTC 
PATCH: http://patches.gluster.com/patch/7824 in release-3.1 (nfsrpc: Re-order NFS auth array contents)
Comment 6 Anand Avati 2011-07-13 07:01:02 UTC 
PATCH: http://patches.gluster.com/patch/7884 in master (nfsrpc: Re-order NFS auth array contents)
Comment 7 M S Vishwanath Bhat 2011-07-14 07:06:48 UTC 
Tested with 2.6.26, 2.6.18 and 2.6.33 kernel versions and it's working fine. Permissions set in the fuse mount does have effect in nfs mount.