Bug 1238561 - FSAL_GLUSTER : nfs4_getfacl do not display DENY entries
Summary: FSAL_GLUSTER : nfs4_getfacl do not display DENY entries
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: nfs-ganesha
Version: rhgs-3.1
Hardware: All
OS: All
medium
medium
Target Milestone: ---
: RHGS 3.1.2
Assignee: Jiffin
QA Contact: Matt Zywusko
URL:
Whiteboard:
Depends On: 1238558 1251471
Blocks: 1216951 1260783
TreeView+ depends on / blocked
 
Reported: 2015-07-02 07:16 UTC by Jiffin
Modified: 2016-03-01 05:27 UTC (History)
13 users (show)

Fixed In Version: nfs-ganesha-2.2.0-10
Doc Type: Bug Fix
Doc Text:
Although Deny entires are handled in nfs4_setfacl, it cannot be stored in the backend(DENY entry cannot connvert in POSIX acl). Due to this, DENY entries won't display in nfs4_getfacl. With this fix, posix acl are populated based on both ALLOW and DENY entry using algorthim mentioned in https://tools.ietf.org/html/draft-ietf-nfsv4-acl-mapping-05. nfs4_getfacl will now print the DENY entries if necessary.
Clone Of: 1238558
Environment:
Last Closed: 2016-03-01 05:27:58 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0193 0 normal SHIPPED_LIVE Red Hat Gluster Storage 3.1 update 2 2016-03-01 10:20:36 UTC

Description Jiffin 2015-07-02 07:16:53 UTC 
+++ This bug was initially created as a clone of Bug #1238558 +++

Description of problem:

Although DENY entries handle properly in the acl implementation, it is not displayed in nfs4_getfacl().

Version-Release number of selected component (if applicable):
mainline

How reproducible:
always

Steps to Reproduce:
1. Create a volume
2. export the volume through nfs-ganesha
3. mount the volume using nfsv4.
4. set an DENY acl which will create DENY entry in the list using nfs4_setfacl.
5. call nfs4_getfacl().

Actual results:
DENY entries are not displayed 

Expected results:
should display DENY entries

Additional info:
if even it is not displayed, permissions which are not shown in ALLOW entry will be considered as denied ones.
Comment 2 Jiffin 2015-07-06 06:21:49 UTC 
The only know issue here DENY entries won't display when u call nfs4_getfacl(). But DENY entries will handle properly with in the current implementation, i.e there is no functionality issue with DENY entries.

The user should understand that if the permission bit is not set in ALLOW entry 
it should be considered as DENY
Comment 4 monti lawrence 2015-07-22 21:02:14 UTC 
Doc text is edited. Please sign off to be included in Known Issues.
Comment 5 Jiffin 2015-07-23 07:12:17 UTC 
Verified the doc text
Comment 8 Jiffin 2015-08-27 09:37:33 UTC 
Moving the devel acks since this bug depends on BZ1251471, that bug depend on another two bugs . So can defer to next release. The fix is only merged on upstream ganesha.
Comment 12 Jiffin 2015-09-09 09:08:56 UTC 
The patch merged in upstream https://review.gerrithub.io/#/c/241287/
Comment 14 Saurabh 2015-11-03 14:30:10 UTC 
# nfs4_getfacl /mnt/acl_test/file2 
A::OWNER@:rwatTcCy
A::1601:rwatcy
D::niels@.eng.blr.redhat.com:rwa
A::niels@.eng.blr.redhat.com:tcy
A::GROUP@:rwatcy
A::EVERYONE@:watcy


The deny entry is getting displayed.
verified on nfs-ganesha-2.2.0-10.el7rhgs.x86_64
Comment 17 errata-xmlrpc 2016-03-01 05:27:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0193.html
Note You need to log in before you can comment on or make changes to this bug.