| Summary: | Access denied reproted by Apache | ||
|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | Anand Avati <aavati> |
| Component: | access-control | Assignee: | shishir gowda <sgowda> |
| Status: | CLOSED DUPLICATE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | mainline | CC: | chrisw, gluster-bugs, jonathanwindle, nsathyan |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-02-02 05:33:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Anand Avati
2011-07-15 14:11:41 UTC
drwx--x--- 16 web78 client23 4.0K 2011-07-15 16:55
/srv/www/clients/client23/web78/web/
> Also get us the output of /proc/<pid>/status of the running apache
> process.
One out of 118
Tgid: 32576
Pid: 32576
PPid: 14457
TracerPid: 0
Uid: 30 30 30 30
Gid: 8 8 8 8
FDSize: 64
Groups: 8 310 5003 5004 5004 5005 5006 5007 5008 5009 5010 5011 5012
5013 5014 5015 5016 5017 5018 5019 5020 5021 5022 5023 5024 5025 5028 5029
OK, the problem here seems to be that you have > 16 aux groups. The protocol in 3.1/3.2 has support for carrying over 16 aux gids to the server, which was inherited from NFS' rpc-auth (unix/sys). If your application has fewer than 16 secondary groups, it will work fine for you. You will see this issue even with NFS.
We plan to bump up this limit in a future version of the protocol. But that would break compatibility. While we figure out a workaround for your situation, please continue to use 3.2.1.
Avati
Well... after having installed that version, my system is DOWN and broken. Apache reports "Access denied" although the file is accessible and has proper rights. Or the even simply does not exist which never harmed before. [2011-07-15 16:58:47.494602] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote operation failed: Permission denied [2011-07-15 16:58:47.494716] W [fuse-bridge.c:184:fuse_entry_cbk] 0-glusterfs-fuse: 645442: LOOKUP() /clients/client23/web78/web/.htaccess => -1 (Permission denied) [2011-07-15 16:58:47.496399] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote operation failed: Permission denied [2011-07-15 16:58:47.497217] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote operation failed: Permission denied [2011-07-15 16:58:47.497707] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote operation failed: Permission denied [2011-07-15 16:58:47.498199] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote operation failed: Permission denied [2011-07-15 16:58:47.498258] W [fuse-bridge.c:184:fuse_entry_cbk] 0-glusterfs-fuse: 645444: LOOKUP() /clients/client23/web78/web/error => -1 (Permission denied) [2011-07-15 16:58:47.499366] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote operation failed: Permission denied [2011-07-15 16:58:47.499576] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote operation failed: Permission denied [2011-07-15 16:58:47.499634] W [fuse-bridge.c:184:fuse_entry_cbk] 0-glusterfs-fuse: 645446: LOOKUP() /clients/client23/web78/web/error => -1 (Permission denied) [2011-07-15 16:58:47.502940] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote operation failed: Permission denied [2011-07-15 16:58:47.503405] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote operation failed: Permission denied [2011-07-15 16:58:47.503466] W [fuse-bridge.c:184:fuse_entry_cbk] 0-glusterfs-fuse: 645451: LOOKUP() /clients/client23/web78/web/.htaccess => -1 (Permission denied) [2011-07-15 16:58:55.406148] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote operation failed: Permission denied [2011-07-15 16:58:55.406507] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote operation failed: Permission denied [2011-07-15 16:58:55.406566] W [fuse-bridge.c:184:fuse_entry_cbk] 0-glusterfs-fuse: 647556: LOOKUP() /clients/client23/web78/web/.htaccess => -1 (Permission denied) [2011-07-15 16:58:55.409952] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote operation failed: Permission denied [2011-07-15 16:58:55.410355] I [client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote operation failed: Permission denied [2011-07-15 16:58:55.410411] W [fuse-bridge.c:184:fuse_entry_cbk] 0-glusterfs-fuse: 647560: LOOKUP() /clients/client23/web78/web/.htaccess => -1 (Permission denied) *** Bug 3841 has been marked as a duplicate of this bug. *** Fix for bug 767229 has a patch for increasing the aux gid limit to 200. *** This bug has been marked as a duplicate of bug 767229 *** |