Bug 764876 - (GLUSTER-3144) permissions given in fuse mount don't have effect in nfs mount
permissions given in fuse mount don't have effect in nfs mount
Product: GlusterFS
Classification: Community
Component: access-control (Show other bugs)
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: shishir gowda
Depends On:
  Show dependency treegraph
Reported: 2011-07-08 07:11 EDT by M S Vishwanath Bhat
Modified: 2016-05-31 21:55 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: RTNR
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description M S Vishwanath Bhat 2011-07-08 07:11:02 EDT
I Created a file with 'root' as owner and group. And removed the permissions for group and others.

debian-server1:/ment# getfacl x
# file: x
# owner: root
# group: root

Now I cd into a nfs mount with other login 'acl' This user is able to read and write even though he doesn't have any permissions on it.

debian-server1:/mont$ whoami
debian-server1:/mont$ cat x
Line 1
Line 2
Line3 form nfs acl
Comment 1 Anush Shetty 2011-07-10 00:12:04 EDT
This issue was seen on a distribute setup. I tried this on a plain distribute setup with a single export and found this. Didn't happen on a 2-replica setup.

As root:
[root@ip-10-87-33-221 ~]# rm -rf /gluster2/dot; touch /gluster2/dot
[root@ip-10-87-33-221 ~]# setfacl -m u:anush:rwx /gluster2/dot

As user:
On NFS Mount:

[anush@ip-10-87-33-221 tmp]$ echo '232323' > /nfs2/dot 
bash: /nfs2/dot: Permission denied

[anush@ip-10-87-33-221 tmp]$ echo '232323' > /mnt/export7/dot 

On FUSE mount
[anush@ip-10-87-33-221 tmp]$ echo '232323' > /gluster2/dot 
[anush@ip-10-87-33-221 tmp]$
Comment 2 shishir gowda 2011-07-11 00:10:27 EDT
Works with the latest fixes that went in for bug 764789

root@shishirng-laptop:/mnt/gluster/fuse# getfacl file
# file: file
# owner: root
# group: root

acl@shishirng-laptop:/mnt/glusterfs/fuse$ cat file
cat: file: Permission denied
acl@shishirng-laptop:/mnt/glusterfs/fuse$ echo "gluster" >file
bash: file: Permission denied

*** This bug has been marked as a duplicate of bug 3057 ***
Comment 3 M S Vishwanath Bhat 2011-07-11 03:54:05 EDT
This happened in 2.6.26 kernel version and when mounted with 'sec=sys' this issue doesn't happen. The issue happens only when 'sec=null' as mount options while mounting nfs.
Comment 4 Anand Avati 2011-07-11 04:32:07 EDT
PATCH: http://patches.gluster.com/patch/7819 in release-3.2 (nfsrpc: Re-order NFS auth array contents)
Comment 5 Anand Avati 2011-07-12 02:24:47 EDT
PATCH: http://patches.gluster.com/patch/7824 in release-3.1 (nfsrpc: Re-order NFS auth array contents)
Comment 6 Anand Avati 2011-07-13 03:01:02 EDT
PATCH: http://patches.gluster.com/patch/7884 in master (nfsrpc: Re-order NFS auth array contents)
Comment 7 M S Vishwanath Bhat 2011-07-14 03:06:48 EDT
Tested with 2.6.26, 2.6.18 and 2.6.33 kernel versions and it's working fine. Permissions set in the fuse mount does have effect in nfs mount.

Note You need to log in before you can comment on or make changes to this bug.