Bug 961670
Summary: | fuse-root-squash: read happens even | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Saurabh <saujain> |
Component: | glusterd | Assignee: | Bug Updates Notification Mailing List <rhs-bugs> |
Status: | CLOSED EOL | QA Contact: | Saurabh <saujain> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 2.1 | CC: | mzywusko, rhs-bugs, rwheeler, vbellur |
Target Milestone: | --- | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Known Issue | |
Doc Text: |
Cause: open-behind delaying the open calls
Consequence: in fuse when root-squash is enabled, the file can be read even though it does not have read permissions
i.e root requests will be converted to nfsnobody and as per the file permissions nfsnobody does not have the read permission.
Workaround (if any): Turn off open-behind
Result: With open-behind turned off it behaves properly i.e file with no read permissions for others cannot be read upon requests getting root-squashed.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-12-03 17:25:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Saurabh
2013-05-10 08:56:19 UTC
Can you please turn off open-behind xlator and check if the same issue happens? I repeated the below steps: 1. volume create, start volume 2. fuse mount 3. on fuse mount, create a file "f" 4. on fuse mount point, chmod 700 f 5. root-squash enable 6. turn off open-behind. 6. on fuse mount , cat a and cat >> a I got the proper o/p as mentioned in comment #1. cat file cat: file: Permission denied [root@hp-dl380pgen8-02-vm-12 glusterfs]# cat >> file bash: file: Permission denied ls -l file -rwx------ 1 root root 5 May 15 07:19 file Volume Name: mirror Type: Replicate Volume ID: 46d13827-7b3b-4dc9-a599-85e299e089d4 Status: Started Number of Bricks: 1 x 2 = 2 Transport-type: tcp Bricks: Brick1: hp-dl380pgen8-02-vm-11.lab.bos.redhat.com:/export/mirror Brick2: hp-dl380pgen8-02-vm-13.lab.bos.redhat.com:/export/mirror Options Reconfigured: performance.open-behind: off server.root-squash: enable As of now the work around for the issue is turning off open-behind. Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release for which you requested us to review, is now End of Life. Please See https://access.redhat.com/support/policy/updates/rhs/ If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release. |