Bug 1229569 - FSAL_GLUSTER : inherit ACLs is not working properly for group write permissions
Summary: FSAL_GLUSTER : inherit ACLs is not working properly for group write permissions
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: nfs-ganesha
Version: rhgs-3.1
Hardware: All
OS: All
high
high
Target Milestone: ---
: RHGS 3.1.0
Assignee: Jiffin
QA Contact: Saurabh
URL:
Whiteboard:
Depends On: 1215174 1226802 1228155 1229564
Blocks: 1202842
TreeView+ depends on / blocked
 
Reported: 2015-06-09 06:10 UTC by Jiffin
Modified: 2016-01-19 06:14 UTC (History)
12 users (show)

Fixed In Version: nfs-ganesha-2.2.0-3
Doc Type: Bug Fix
Doc Text:
Clone Of: 1226802
Environment:
Last Closed: 2015-07-29 04:59:46 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1495 0 normal SHIPPED_LIVE Important: Red Hat Gluster Storage 3.1 update 2015-07-29 08:26:26 UTC

Description Jiffin 2015-06-09 06:10:56 UTC 
+++ This bug was initially created as a clone of Bug #1226802 +++

Description of problem:

Files created in a directory that should inherit ACLs is not working for group write-permissions.That is specfic users in the cannot write into the file evenif he has nfs4_acl permission.

Version-Release number of selected component (if applicable):
mainline

How reproducible:
always

Steps to Reproduce:

1.Create and start a volume

2.Export a volume using nfs-ganesha

3.Create any user(user1) and group(group1) in the server and client

4.Mount the volume using nfs4 protocol

5.create directory at mount point : mkdir src

6.set inherit acl(default acl for directory) using nfs4_setfacl on src: nfs4_setfacl -a A:gdf:group1:RWX src 

7. Tries to write into a "file" inside src using user1 : su -c "/bin/echo 'Hello world' > src/file" user1

Actual results:
write fails for the file

Expected results:
write should succeed. 

Additional info:

In the case of kernel nfs it is working properly.The posix ACL set on the backend is same in both cases.But nfs4_acl for nfs-ganesha and kernel nfs is little bit different

--- Additional comment from Jiffin on 2015-06-09 02:09:00 EDT ---

In the nfs4_acl <-> posix_acl conversion , ACL entry EVERYONE should be considered for all other entry. This fix for this is send to ganesha uptream : https://review.gerrithub.io/#/c/235200/
Comment 4 Saurabh 2015-07-14 09:45:27 UTC 
1. create a directory after mounting the volume with vers=4
# mkdir /export/mnt1/vol4/acl_user1_dir7
# nfs4_getfacl /export/mnt1/vol4/acl_user1_dir7
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A::EVERYONE@:rxtcy

2. set the inherit acl
# nfs4_setfacl -a "A:gdf:acl_group.blr.redhat.com:rwx" /export/mnt1/vol4/acl_user1_dir7
# nfs4_getfacl /export/mnt1/vol4/acl_user1_dir7
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A:g:acl_group.blr.redhat.com:rwaDxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:tcy
A:fdi:GROUP@:tcy
A:fdig:acl_group.blr.redhat.com:rwaDxtcy
A:fdi:EVERYONE@:tcy

3. try to write to a file inside the directory of consideration.
# su -c "/bin/echo 'hello world' > /export/mnt1/vol4/acl_user1_dir7/file1" acl_user1
# cat /export/mnt1/vol4/acl_user1_dir7/file1
hello world
Comment 5 errata-xmlrpc 2015-07-29 04:59:46 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html
Note You need to log in before you can comment on or make changes to this bug.