Bug 1254151 - Non root user failed to delete empty directory which has no read permission, exit with "Permission denied" [NEEDINFO]
Non root user failed to delete empty directory which has no read permission, ...
Status: ASSIGNED
Product: GlusterFS
Classification: Community
Component: access-control (Show other bugs)
mainline
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: Raghavendra Bhat
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-17 05:48 EDT by Suvendu Mitra
Modified: 2016-08-23 08:42 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
suvendu.mitra: needinfo? (rabhat)


Attachments (Terms of Use)

  None (edit)
Description Suvendu Mitra 2015-08-17 05:48:55 EDT
Description of problem:
Non root user failed to delete empty directory which has no read permission, we used at client side "fuse.glusterfs" mount

Version-Release number of selected component (if applicable):
glusterfs-3.6.2

How reproducible:
create a director, remove the read permission and try to delete it

[root@CLA-0(test) /root]
# su - iotest
[iotest@CLA-0(test) /home/iotest]
#  mkdir -p ldq
[iotest@CLA-0(test) /home/iotest]
# chmod -r ldq
[iotest@CLA-0(test) /home/iotest]
# ls -l
total 4
d-wx--x--x 2 iotest iotest 4096 Aug 17 11:08 ldq
[iotest@CLA-0(test) /home/iotest]
# ls ldq/
ls: cannot open directory ldq/: Permission denied
[iotest@CLA-0(test) /home/iotest]


Steps to Reproduce:
1. su - itest
2. mkdir -p ldx 
3. chmod -r ldx
4. ls -l
total 4
d-wx--x--x 2 itest itest 4096 Aug 17 11:08 ldx
5. rm -rf ldx


Actual results:
"rm: cannot remove ‘ldx’: Permission denied"

Expected results:
user can delete the empty directory when directory have no read permission

Additional info:
Gluster Client side log
"""

[2015-08-14 02:53:13.343894] W [fuse-bridge.c:1322:fuse_unlink_cbk] 0-glusterfs-fuse: 1168341: RMDIR() /itest/ldx => -1 (Permission denied)
[2015-08-14 05:51:20.630630] I [dht-selfheal.c:1065:dht_selfheal_layout_new_directory] 0-home-dht: chunk size = 0xffffffff / 943 = 0x457f52
[2015-08-14 05:51:20.630716] I [dht-selfheal.c:1103:dht_selfheal_layout_new_directory] 0-home-dht: assigning range size 0xffffff0e to home-replicate-0
[2015-08-14 05:51:20.631806] I [MSGID: 109036] [dht-common.c:6222:dht_log_new_layout_for_dir_selfheal] 0-home-dht: Setting layout of /itest/ldx with [Subvol_name: home-replicate-0, Err: -1 , Start: 0 , Stop: 4294967295 ], 
[2015-08-14 05:52:20.602914] E [client-rpc-fops.c:2680:client3_3_opendir_cbk] 0-home-client-0: remote operation failed: Permission denied. Path: /itest/ldx (80ae9ec0-97b2-4503-9611-8a795c7596d1)
[2015-08-14 05:52:20.603043] E [client-rpc-fops.c:2680:client3_3_opendir_cbk] 0-home-client-1: remote operation failed: Permission denied. Path: /itest/ldx (80ae9ec0-97b2-4503-9611-8a795c7596d1)
[2015-08-14 05:52:20.603067] W [fuse-bridge.c:1322:fuse_unlink_cbk] 0-glusterfs-fuse: 1324660: RMDIR() /itest/ldx => -1 (Permission denied)
[2015-08-14 05:53:59.040577] E [client-rpc-fops.c:2680:client3_3_opendir_cbk] 0-home-client-1: remote operation failed: Permission denied. Path: /itest/ldx (80ae9ec0-97b2-4503-9611-8a795c7596d1)
[2015-08-14 05:53:59.040606] E [client-rpc-fops.c:2680:client3_3_opendir_cbk] 0-home-client-0: remote operation failed: Permission denied. Path: /itest/ldx (80ae9ec0-97b2-4503-9611-8a795c7596d1)
"""
Server side log
"""
[2015-08-17 09:21:53.815318] E [server-rpc-fops.c:648:server_opendir_cbk] 0-home-server: 3299336: OPENDIR /iotest/ldq (a543bb80-4a2e-4250-b5d1-b05f41b0fadf) ==> (Permission denied)
"""
Comment 1 Suvendu Mitra 2015-09-15 09:03:26 EDT
Any update on this bug.
Comment 2 Niels de Vos 2016-08-23 08:42:48 EDT
GlusterFS-3.6 is nearing its End-Of-Life, only important security bugs still make a chance on getting fixed. Moving this to the mainline 'version'. If this needs to get fixed in 3.7 or 3.8 this bug should get cloned.

Note You need to log in before you can comment on or make changes to this bug.