Bug 865914

Summary: glusterfs client mount does not provide root_squash/no_root_squash export options
Product: [Community] GlusterFS Reporter: Trevor Cooper <tcooper>
Component: fuseAssignee: Raghavendra Bhat <rabhat>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: mainlineCC: amarts, gluster-bugs, nock, tcooper
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: glusterfs-3.4.0qa8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-20 06:30:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Trevor Cooper 2012-10-12 19:39:43 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:10.0.8) Gecko/20121010 Firefox/10.0.8
Build Identifier: 

Without root_squash (and no_root_squash) export options any user with root access on a client with a glusterfs volume mounted with either fuse or nfs can modify any content of the glusterfs mount.

Reproducible: Always

Steps to Reproduce:
1. mount exported gluster volume on client. eg....

mount -t nfs server:/vol /glusterfs

-or-

mount -t glusterfs server:/vol /glusterfs

2. As root on client modify content of gluster mount...

[root@client ~]# mkdir -p /glusterfs/data/test
[root@client ~]# chown someuser.somegroup /glusterfs/data/test


Actual Results:  
Content modified by client root account in gluster server exported volume.

Expected Results:  
Content should NOT be modified by client root account in gluster server exported volume unless no_root_squash option is explicitly specified for volume.
Comment 1 Amar Tumballi 2013-02-20 06:30:36 UTC 
this feature just went into master. root-squashing behavior is applied to a volume as a whole. try glusterfs-3.4.0qa8 release, and set 'gluster volume set <VOLNAME> root-squashing enable' and then see if it works for you.
Comment 2 Shawn Nock 2013-04-15 19:34:06 UTC 
Backpor to 3.3.x, please