Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1238561 - FSAL_GLUSTER : nfs4_getfacl do not display DENY entries
FSAL_GLUSTER : nfs4_getfacl do not display DENY entries
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: nfs-ganesha (Show other bugs)
3.1
All All
medium Severity medium
: ---
: RHGS 3.1.2
Assigned To: Jiffin
Matt Zywusko
: ZStream
Depends On: 1238558 1251471
Blocks: 1216951 1260783
  Show dependency treegraph
 
Reported: 2015-07-02 03:16 EDT by Jiffin
Modified: 2016-03-01 00:27 EST (History)
13 users (show)

See Also:
Fixed In Version: nfs-ganesha-2.2.0-10
Doc Type: Bug Fix
Doc Text:
Although Deny entires are handled in nfs4_setfacl, it cannot be stored in the backend(DENY entry cannot connvert in POSIX acl). Due to this, DENY entries won't display in nfs4_getfacl. With this fix, posix acl are populated based on both ALLOW and DENY entry using algorthim mentioned in https://tools.ietf.org/html/draft-ietf-nfsv4-acl-mapping-05. nfs4_getfacl will now print the DENY entries if necessary.
Story Points: ---
Clone Of: 1238558
Environment:
Last Closed: 2016-03-01 00:27:58 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0193 normal SHIPPED_LIVE Red Hat Gluster Storage 3.1 update 2 2016-03-01 05:20:36 EST

  None (edit)
Description Jiffin 2015-07-02 03:16:53 EDT 
+++ This bug was initially created as a clone of Bug #1238558 +++

Description of problem:

Although DENY entries handle properly in the acl implementation, it is not displayed in nfs4_getfacl().

Version-Release number of selected component (if applicable):
mainline

How reproducible:
always

Steps to Reproduce:
1. Create a volume
2. export the volume through nfs-ganesha
3. mount the volume using nfsv4.
4. set an DENY acl which will create DENY entry in the list using nfs4_setfacl.
5. call nfs4_getfacl().

Actual results:
DENY entries are not displayed 

Expected results:
should display DENY entries

Additional info:
if even it is not displayed, permissions which are not shown in ALLOW entry will be considered as denied ones.
Comment 2 Jiffin 2015-07-06 02:21:49 EDT 
The only know issue here DENY entries won't display when u call nfs4_getfacl(). But DENY entries will handle properly with in the current implementation, i.e there is no functionality issue with DENY entries.

The user should understand that if the permission bit is not set in ALLOW entry 
it should be considered as DENY
Comment 4 monti lawrence 2015-07-22 17:02:14 EDT 
Doc text is edited. Please sign off to be included in Known Issues.
Comment 5 Jiffin 2015-07-23 03:12:17 EDT 
Verified the doc text
Comment 8 Jiffin 2015-08-27 05:37:33 EDT 
Moving the devel acks since this bug depends on BZ1251471, that bug depend on another two bugs . So can defer to next release. The fix is only merged on upstream ganesha.
Comment 12 Jiffin 2015-09-09 05:08:56 EDT 
The patch merged in upstream https://review.gerrithub.io/#/c/241287/
Comment 14 Saurabh 2015-11-03 09:30:10 EST 
# nfs4_getfacl /mnt/acl_test/file2 
A::OWNER@:rwatTcCy
A::1601:rwatcy
D::niels@.eng.blr.redhat.com:rwa
A::niels@.eng.blr.redhat.com:tcy
A::GROUP@:rwatcy
A::EVERYONE@:watcy


The deny entry is getting displayed.
verified on nfs-ganesha-2.2.0-10.el7rhgs.x86_64
Comment 17 errata-xmlrpc 2016-03-01 00:27:58 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0193.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.