Bug 747112 - tenant's root dir is not writeable by default
Summary: tenant's root dir is not writeable by default
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: hekafs
Version: 16
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Kaleb KEITHLEY
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-18 20:26 UTC by Kaleb KEITHLEY
Modified: 2011-11-05 01:34 UTC (History)
2 users (show)

Fixed In Version: hekafs-0.7-16.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-05 01:34:31 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Kaleb KEITHLEY 2011-10-18 20:26:05 UTC 
Description of problem:

when a volume is started, the tenant's directory is created. The default mode and root's umask result in the directory having root:root 0755 and when mounted by a client cannot be written to.

Version-Release number of selected component (if applicable):

0.7-15

How reproducible:

always

Steps to Reproduce:
https://fedoraproject.org/wiki/Test_Day:2011-10-20_HekaFS, test cases 1, 2, 3
  
Actual results:


Expected results:


Additional info:
Comment 1 Kaleb KEITHLEY 2011-10-18 20:28:51 UTC 
diff --git a/scripts/hfs_start_volume.py b/scripts/hfs_start_volume.py
index a85886c..6f28dc5 100755
--- a/scripts/hfs_start_volume.py
+++ b/scripts/hfs_start_volume.py
@@ -186,6 +186,7 @@ def create_tenant_dirs(vol_file):
                        os.mkdir(ppath)
                if not os.path.exists(path):
                        os.mkdir(path)
+                       os.chmod(path, 0777)
        opt_dir_lines.close()
 
 def start_local (vol_name):
Comment 2 Jeff Darcy 2011-10-18 20:52:37 UTC 
I think we need to look into this a little further.  The server daemons run as root.  There's code there to have them call setfsuid/setfsgid, but that code's conditional on HAVE_SET_FSID which is explicitly undefined (posix.c line 64).  Therefore we should still be root when we actually make I/O calls, and with mode 0755 the OS shouldn't be rejecting them - unless it's an SELinux thing, in which case let's fix that.  The other possibility is that accesses are being rejected by the posix-acl translator, because the UID has been mapped to something that's not recognized as super-user.  This is a known issue with access-control since 3.2.4 or so, and is why http://review.gluster.com/#change,332 exists.  That patch allows some UID other than zero to be treated as super-user, which I believe would fix this problem, but nothing in the HekaFS volume/tenant management sets the necessary option.

Even if neither the SELinux nor posix-acl explanations turns out to be the case, we should be able to do better than to create world-writable directories.  Why can't we chown the directory to the root UID for that tenant instead?
Comment 3 Kaleb KEITHLEY 2011-10-19 19:32:48 UTC 
Enabling HAVE_SET_FSID made no difference.
Comment 4 Kaleb KEITHLEY 2011-10-19 19:34:57 UTC 
And there's nothing in /var/log/setroubleshoot logs, and the SELinux Troubleshooter does not indicate any problems from glusterfsd
Comment 5 Jeff Darcy 2011-10-19 20:17:32 UTC 
Just to capture an in-person conversation between Kaleb and myself about this...

We seem to be dealing with two issues here.  One is almost a philosophical question question: should the tenant root have "tmp-like" behavior (world writable) or "root-like" behavior (only writable by the per-tenant root user)?  Giving it tmp-like behavior just means setting its mode to 01777 - sticky bit set to prevent users from removing each others' files.  Giving it root-like (or any other) behavior is more complicated, but is probably what we want in the long term.  The problem there is that we need to set things up so that posix-acl will work, so the root-directory creation would look something like this:

   tenant_root = hfs_utils.get_tenant_root(tenant)
   os.mkdir(path)
   os.chown(path,tenant_root)
   os.chmod(path,0777)

There's also another important piece, when we're modifying the volfile:

   posix_acl_xlator.options["super-uid"] = tenant_root

That way, posix_acl will do the correct permissions checks, with a result just like the root directory of a local filesystem.  If the volume were mounted on /home, for example then useradd etc. would run as tenant-root and be able to mkdir/chown per-user subdirectories on the volume root directory which it owns.

For now, tmp-like behavior is OK.  Longer term, we'll have to hack the management code to implement root-like behavior.
Comment 6 Kaleb KEITHLEY 2011-10-21 12:24:09 UTC 
fixed in ssh://git.fedorahosted.org/git/CloudFS.git

commit 500f3f0a59d7f73aff9f4848f0025e77a287d314
Author: Kaleb S. KEITHLEY <kkeithle>
Date:   Thu Oct 20 10:51:32 2011 -0400
Comment 7 Fedora Update System 2011-10-21 14:13:06 UTC 
hekafs-0.7-16.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/hekafs-0.7-16.fc16
Comment 8 Fedora Update System 2011-10-22 00:11:46 UTC 
Package hekafs-0.7-16.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing hekafs-0.7-16.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-14711
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2011-11-05 01:34:31 UTC 
hekafs-0.7-16.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.