Bug 887263

Summary: gnfs-root-squash: read successful from nfsnobody for files created by root
Product: [Red Hat Storage] Red Hat Gluster Storage
Reporter: Saurabh <saujain>
Component: glusterd
Assignee: vpshastry <vshastry>
Status: CLOSED ERRATA
QA Contact: Saurabh <saujain>
Severity: high
Priority: medium
Version: 2.0
CC: amarts, divya, mzywusko, nsathyan, rabhat, rfortier, rhs-bugs, shaines, storage-doc, vbellur
Hardware: x86_64   
OS: Linux   
Fixed In Version: glusterfs-3.4.0qa8, glusterfs-3.3.0.5rhs-42
Doc Type: Bug Fix
Doc Text:
Cause:
Consequence: Read was successful while root-squashing is on, which is not the expected behavior with root-squash on.
Fix: Made changes to the nfs access call.
Result: Not possible to read a file with no read permission for nfsnobody while root-squash is on.
Last Closed: 2013-04-08 04:54:57 UTC
Type: Bug

Description Saurabh 2012-12-14 13:42:11 UTC
Description of problem:

------------   
On server
------------
[root@localhost ~]# gluster volume info dist-rep
 
Volume Name: dist-rep
Type: Distributed-Replicate
Volume ID: 3a9fb84b-6f4b-4bd6-aa2b-6fe86fbc44be
Status: Started
Number of Bricks: 2 x 2 = 4
Transport-type: tcp
Bricks:
Brick1: 10.70.37.148:/export/dr
Brick2: 10.70.37.149:/export/drr
Brick3: 10.70.37.164:/export/ddr
Brick4: 10.70.37.101:/export/ddrr
Options Reconfigured:
features.root-squashing: enable

------------- 
On client
-------------

"with root user" (specifically since root-squash is enabled, so it behaves like nfsnobody)
[root@dhcp159-239 dir]# ls -l
drwxr-xr-x. 3 root      root      46 Dec 12 19:14 dir-n1

[root@dhcp159-239 dir]# ls -l dir-n1/1
-rwxrwx---. 1 root root 16 Dec 13 19:28 dir-n1/1
[root@dhcp159-239 dir]# 



[root@dhcp159-239 dir]# cat dir-n1/1
Hello 1\
jilted
[root@dhcp159-239 dir]# 

[root@dhcp159-239 dir]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023



"after adding a new user called dev1 under a new group called devel"

[dev1@dhcp159-239 dir]$ cat dir-n1/1
cat: dir-n1/1: Permission denied
[dev1@dhcp159-239 dir]$ 

[dev1@dhcp159-239 dir]$ id
uid=500(dev1) gid=501(dev1) groups=501(dev1),500(devel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[dev1@dhcp159-239 dir]$ 



Other than this problem, I found another issue as well, hence filed bug 887145.

Version-Release number of selected component (if applicable):
glusterfs-3.3.0.5rhs-37.el6rhs.0.goldman.x86_64

How reproducible:
always
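
The behaviour this report expects, as an added example (not GlusterFS code and not part of the report): a small model of an NFSv3 ACCESS decision in which the caller is squashed before the mode bits are evaluated. The names `squash`, `access3_bits` and `ANON_ID`, and the value 65534 for nfsnobody, are assumptions; the file mode and group list are taken from the client output above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* NFSv3 ACCESS reply bits (RFC 1813). */
#define ACCESS3_READ    0x0001u
#define ACCESS3_MODIFY  0x0004u
#define ACCESS3_EXECUTE 0x0020u
#define ANON_ID 65534 /* assumed nfsnobody uid/gid; the report does not give it */

struct cred  { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; };
struct fattr { mode_t mode; uid_t uid; gid_t gid; };

/* Hypothetical helper: map root to the anonymous identity before any check.
 * The gid and supplementary groups are dropped too (a modelling choice);
 * otherwise group "root" would still match the 0770 file from the report. */
static struct cred squash(struct cred c, bool root_squash) {
    if (root_squash && c.uid == 0) {
        c.uid = ANON_ID; c.gid = ANON_ID; c.groups = NULL; c.ngroups = 0;
    }
    return c;
}

static bool in_group(const struct cred *c, gid_t g) {
    if (c->gid == g) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g) return true;
    return false;
}

/* Hypothetical model of the ACCESS decision: bits granted to the caller. */
uint32_t access3_bits(struct cred caller, struct fattr f, bool root_squash) {
    struct cred c = squash(caller, root_squash);
    unsigned rwx;
    if (c.uid == 0)               rwx = 6 | ((f.mode & 0111) ? 1 : 0); /* unsquashed root */
    else if (c.uid == f.uid)      rwx = (f.mode >> 6) & 7;
    else if (in_group(&c, f.gid)) rwx = (f.mode >> 3) & 7;
    else                          rwx = f.mode & 7;
    return ((rwx & 4) ? ACCESS3_READ : 0) | ((rwx & 2) ? ACCESS3_MODIFY : 0) |
           ((rwx & 1) ? ACCESS3_EXECUTE : 0);
}

int main(void) {
    const gid_t rg[] = {0, 1, 2, 3, 4, 6, 10};  /* root's groups from the report */
    struct fattr f = {0770, 0, 0};              /* -rwxrwx--- root root */
    struct cred root = {0, 0, rg, 7};
    printf("squash on: 0x%x, off: 0x%x\n", access3_bits(root, f, true), access3_bits(root, f, false));
    return 0;
}
```

With squashing on, the root caller gets no access bits for `dir-n1/1`, the same result dev1 sees; the successful `cat` in the report corresponds to the check being made against the unsquashed uid 0.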

Comment 2 Raghavendra Bhat 2013-01-23 11:59:56 UTC
http://review.gluster.org/#change,4415 has been submitted for review.

Comment 3 Divya 2013-02-12 12:03:50 UTC
Varun,

This bug has been added to Update 4 errata. Could you provide your inputs in the doc text field, which will enable me to update the errata?

Thanks,
Divya

Comment 5 Scott Haines 2013-04-08 04:54:57 UTC
Moving bug to CLOSED -> ERRATA.  Issue addressed in Advisory RHSA-2013:0691

http://rhn.redhat.com/errata/RHSA-2013-0691.html