1277886 – FSAL_GLUSTER : if only DENY entry is set for a user/group, then it lost all its default permission

Bug 1277886 - FSAL_GLUSTER : if only DENY entry is set for a user/group, then it lost all its default permission

Summary: FSAL_GLUSTER : if only DENY entry is set for a user/group, then it lost all i...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	nfs-ganesha
Sub Component:
Version:	rhgs-3.1
Hardware:	All
OS:	All
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	RHGS 3.1.2
Assignee:	Bug Updates Notification Mailing List
QA Contact:	Matt Zywusko
Docs Contact:
URL:
Whiteboard:
Depends On:	1277877
Blocks:	1260783
TreeView+	depends on / blocked

Reported:	2015-11-04 10:09 UTC by Jiffin
Modified:	2016-03-01 05:51 UTC (History)
CC List:	10 users (show)
Fixed In Version:	nfs-ganesha-2.2.0-11
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1277877
Environment:
Last Closed:	2016-03-01 05:51:01 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0193	0	normal	SHIPPED_LIVE	Red Hat Gluster Storage 3.1 update 2	2016-03-01 10:20:36 UTC

Description Jiffin 2015-11-04 10:09:39 UTC

+++ This bug was initially created as a clone of Bug #1277877 +++

Description of problem:
If only  one DENY entry is set for the user/group ,then all of the existing permission(by default it will permission of everyone) will be lost

Version-Release number of selected component (if applicable):
mainline

How reproducible:
always

Steps to Reproduce:
1.Export a gluster volume via ganesha with acls enabled
2.Mount the volume using nfsv4
3.create a file
4.Now set a DENY ENTRY for that file(no corresponding ALLOW ENTRY should exist) 

example
at the mount point

# touch file
# nfs4_getfacl file

A::OWNER@:rwatTcCy
A::GROUP@:rtcy
A::EVERYONE@:rtcy

nfs4_setfacl -a D::user_b@{$DOMAIN}:W file

Actual results:
nfs4_getfacl file

A::OWNER@:rwatTcCy
D::user_b@{$DOMAIN}:rwa
A::user_b@{$DOMAIN}:tcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy


Expected results:
nfs4_getfacl file

A::OWNER@:rwatTcCy
D::user_b@{$DOMAIN}:wa
A::user_b@{$DOMAIN}:rtcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy

Additional info:

Comment 2 Jiffin 2015-11-04 10:21:11 UTC

The patch is sent for upstream for review  https://review.gerrithub.io/#/c/251342/

Comment 4 Saurabh 2015-11-23 09:52:56 UTC

tested it on latest build, i.e.
nfs-ganesha-2.2.0-11.el7rhgs.x86_64

and result is as expected,
# nfs4_getfacl /mnt/acl-test/fil1
A::OWNER@:rwatTcCy
D::ric.blr.redhat.com:wa
A::ric.blr.redhat.com:rtcy
A::GROUP@:rwatcy
A::EVERYONE@:rwatcy

Comment 7 errata-xmlrpc 2016-03-01 05:51:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0193.html

Note You need to log in before you can comment on or make changes to this bug.