Description of problem: Version-Release number of selected component (if applicable): OS: RHEL5.10 Gluster 3.5 3.6 How reproducible: Suppose there is FUSE client mount point as /glusterfs. In this directory there are some subdirectory with different owner/groups like htis: $ ls -l /glusterfs/ drwxr-x--- testuser1 testuser1 dir1 drwxr-x--- testuser2 testuser2 dir2 drwxr-x--- testuser3 testuser3 dir3 drwxr-x--- testuser4 testuser4 dir4 ........ drwxr-x--- testuser200 testuser200 dir200 Note, that all directory have 750 mode. Next create user: useradd testuser usermod -a -G testuser1, .... ,testuser200 testuser su - testuser ls /glusterfs/dir1 ls: /glusterfs/dir1/: Permission denied Steps to Reproduce: 1. 2. 3. Actual results: Permission denied Expected results: User testuser can do ls on subdirectory from above example. Additional info:
You should be able to get this to work by setting the server.manage-gids volume option. This moves the resolving of all the auxiliary groups to the bricks. By default, the FUSE client sends a list of the groups where the user belongs to, and the RPC protocol limits this list to approx. 93 groups. See http://review.gluster.org/7202 for a little more details. Please let me know if this helps you.
Thank you very mach - now it's working. But this solution will be working only when the same user/groups exist on both machine: where block device physically mount as bricks and on the FUSE client - am i right ?
Yes, using server.manage-gids requires that the servers hosting the bricks for the volume can resolve all the groups of the user by using the UID. The GlusterFS protocol passes the UID (numeric, not the name/string), to getgroups(2). I think this answers your questions about this problem, therefore I am closing this bug. Thanks, Niels.