Bug 956957

Summary: nfs-root-squash: rename creates a file on a file residing inside a sticky bit set directory
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Saurabh <saujain>
Component: glusterdAssignee: Raghavendra Bhat <rabhat>
Status: CLOSED ERRATA QA Contact: Saurabh <saujain>
Severity: urgent Docs Contact:
Priority: high    
Version: 2.1CC: amarts, kparthas, mzywusko, rhs-bugs, vbellur
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: All   
Whiteboard:
Fixed In Version: glusterfs-3.4.0.5rhs-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 958691 (view as bug list) Environment:
Last Closed: 2013-09-23 22:39:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 958691    

Description Saurabh 2013-04-26 05:40:45 UTC 
Description of problem:
a directory with sticky bit set, allows to create a new file with UID:GID as root:root while trying to rename a file inside it.

Version-Release number of selected component (if applicable):
glusterfs-3.4.0.1rhs-1.el6rhs.x86_64

How reproducible:
always

Steps to Reproduce:
1. Create dist-rep volume; start the volume
2. create directory "dir"
3. chmod 1777 dir

[root@rhsauto020 nfs-test]# ls -l
total 31457281
-rw-r--r--. 1 root root 32212254732 Apr 25 17:34 30GBfile
drwxrwxrwt. 2 root root         138 Apr 25 18:39 dir
drwxr-xr-x. 2 root root          36 Apr 25 18:32 dir1

4. create files inside this "dir"

[root@rhsauto020 nfs-test]# ls -l dir/
total 0
-rw-r--r--. 1 root root 0 Apr 25 18:33 file1
-rwxrwxrwx. 1 root root 0 Apr 25 18:33 file2


5. enable root-squash

[root@rhs-goldman1 ~]# ./root-squash-enable.sh 
VOLNAME:dist-rep
volume set: success

6. mv dir/file1 dir/file11
   or
   mv dir/file2 dir/file22
  
Actual results:

[root@rhsauto020 nfs-test]# mv dir/file1 dir/file11
[root@rhsauto020 nfs-test]# ls -l dir/
total 0
-rw-r--r--. 2 root root 0 Apr 25 18:33 file1
-rw-r--r--. 2 root root 0 Apr 25 18:33 file11
-rwxrwxrwx. 1 root root 0 Apr 25 18:33 file2
[root@rhsauto020 nfs-test]# mv dir/file2 dir/file22
[root@rhsauto020 nfs-test]# ls -l dir/
total 0
-rw-r--r--. 2 root root 0 Apr 25 18:33 file1
-rw-r--r--. 2 root root 0 Apr 25 18:33 file11
-rwxrwxrwx. 2 root root 0 Apr 25 18:33 file2
-rwxrwxrwx. 2 root root 0 Apr 25 18:33 file22



[root@rhsauto020 dir]# touch file3
[root@rhsauto020 dir]# ls -l
total 0
-rw-r--r--. 2 root      root      0 Apr 25 18:33 file1
-rw-r--r--. 2 root      root      0 Apr 25 18:33 file11
-rwxrwxrwx. 2 root      root      0 Apr 25 18:33 file2
-rwxrwxrwx. 2 root      root      0 Apr 25 18:33 file22
-rw-r--r--. 1 nfsnobody nfsnobody 0 Apr 25 18:34 file3

Expected results:
Permission should be denied to rename.

Additional info:
Comment 2 Saurabh 2013-04-26 06:33:24 UTC 
Client used is RHEL 6.4
Comment 4 Raghavendra Bhat 2013-05-08 10:55:53 UTC 
https://code.engineering.redhat.com/gerrit/#/c/7257/ has been submitted for review.
Comment 6 Scott Haines 2013-09-23 22:39:35 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. 

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1262.html
Comment 7 Scott Haines 2013-09-23 22:43:45 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. 

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1262.html