Bug 1017362 - [FEAT] Include per sub-directory export access control for FUSE [NEEDINFO]
[FEAT] Include per sub-directory export access control for FUSE
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: fuse (Show other bugs)
All Linux
high Severity high
: ---
: RHGS 3.3.1
Assigned To: Amar Tumballi
Manisha Saini
: FutureFeature, Reopened, ZStream
: 1286783 (view as bug list)
Depends On: 892808 1286783
Blocks: 1475686 1501446
  Show dependency treegraph
Reported: 2013-10-09 13:37 EDT by Wesley Duffee-Braun
Modified: 2017-11-28 22:29 EST (History)
29 users (show)

See Also:
Fixed In Version: glusterfs-3.8.4-47
Doc Type: Enhancement
Doc Text:
With multiple users using a Gluster volume to run their application, there is a possibility of security issues as the users can obtain other user's information. With the subdirectory mount feature, a user can access only their part of the storage, and nothing more. This brings abstraction properly to multiple users consuming the storage. Mounting a part of the Gluster volume (i.e. a subdirectory) provides namespace isolation for users by separating out their directories. Thus, multiple users can use the storage without namespace collisions with other users. This enhancement has been shipped as a technical preview feature with Red Hat Gluster Storage 3.3.1.
Story Points: ---
Clone Of:
: 1501446 (view as bug list)
Last Closed: 2017-11-28 22:29:14 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
atumball: needinfo? (ssaha)

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 476293 None None None 2017-02-22 06:14 EST
Red Hat Knowledge Base (Solution) 508523 None None None Never
Red Hat Product Errata RHBA-2017:3276 normal SHIPPED_LIVE glusterfs bug fix update 2017-11-29 03:28:52 EST

  None (edit)
Description Wesley Duffee-Braun 2013-10-09 13:37:15 EDT
Description of problem:
There is all-or-nothing Volume access currently with the Volume options. It would be useful to have functionality for the following:

/quotatestvol/q1     someIP
/quotatestvol/q2     anotherIP
/quotatestvol/q3     bothIPs

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Try to setup ip range access control for volume subdirectories

Actual results:
No way to do so

Expected results:
Supported behavior
Comment 2 Wesley Duffee-Braun 2013-10-14 11:57:07 EDT

I was notified that this request above may not be clear. This is for the native client only, not for NFS.

Comment 5 Wesley Duffee-Braun 2013-12-10 10:17:49 EST
After discussion with PM, this can be marked as CLOSED WONTFIX as the use case that generated this request has been lessened in urgency.
Comment 6 Wesley Duffee-Braun 2013-12-10 12:08:56 EST
Whoops - I meant to close 1029198. Re-opening this one for evaluation.

Comment 7 Harold Miller 2015-09-15 12:39:17 EDT
Any action on this RFE? Last update was 18 months ago. Customer still interested in it.
Comment 9 Harold Miller 2015-11-23 09:58:37 EST
This BZ is still set to NEW, is HIGH SEV, and has been open for over 2 years.
Can we at least guess when and if it will be added to our road-map?
Comment 11 Cal Calhoun 2016-03-21 08:54:29 EDT
Can I get an update on this BZ for my customer?
Comment 12 Cal Calhoun 2017-01-06 10:40:26 EST
@pranith : Can I get an update on the status of this BZ?  I see it was tentatively scheduled for upstream 3.8.  Do we know if it made it and will be included in RHGS 3.2?

Comment 13 Swagato Paul 2017-01-17 07:26:43 EST

I'd like to get an update on the current status of this BZ and also our future plans for it. Given that there is no significant progress on this BZ for last 3.5 years, customer is concerned and has raised management escalation.

Below I am pasting a snippet from customer's update where they have mentioned about justification/impact on business:
I think we have a strong business use case. Providing persistent storage for OpenShift platform in production scale - high number of projects/apps. This is currently possible only with scaling with number of nodes, but this is not acceptable due to price.

The BZ is still in "NEW" state. Let me know if this BZ needs any data/information from customer to proceed further?

Swagato Paul
Escalation Manager, CEE
Comment 15 Cal Calhoun 2017-01-26 16:02:32 EST
@pranith: Dave Carmichael is trying to set up a call to discuss expectations with IT.  Do you have someone that you want to be in the call?
Comment 16 Bipin Kunal 2017-02-22 06:17:24 EST
*** Bug 1286783 has been marked as a duplicate of this bug. ***
Comment 19 Alok 2017-06-13 05:09:06 EDT
@Vijay, Please review previous comment by Neeraj and let us know if any alternative approach (other than the sub-directory export) may help here?
Comment 20 WenhanShi 2017-07-24 00:48:20 EDT

Do we have some update for this bug?
Comment 21 Neeraj 2017-08-22 03:06:35 EDT

Any updates regarding this bug.

Neeraj Bhatt
Comment 22 Atin Mukherjee 2017-09-20 22:53:14 EDT
upstream patch : https://review.gluster.org/17141
Comment 26 Manisha Saini 2017-10-24 05:02:08 EDT
Verified this BZ with gluster builds 3.8.4-48 , 3.8.4-49, 3.8.4-50.
Basic sanity validation across the feature is covered.
Execution of remaining cases will continue ongoing in 3.3.1 test cycle and any issues if found, new bugs will be raised.
Comment 28 Pratik Mulay 2017-11-14 08:18:56 EST
Hi Amar,

I've edited the Doc Text for it's associated Errata.

Request you to review the same and let me know in case of any concerns.

If no changes are required, request you to provide your approval for the same.
Comment 29 Amar Tumballi 2017-11-14 08:36:58 EST
The DocText is fine as per technicality. Would like to understand from PM if this is what users want to see or they want to see different wording for the feature.
Comment 32 errata-xmlrpc 2017-11-28 22:29:14 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.