This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 764911 - (GLUSTER-3179) Access denied reproted by Apache
Access denied reproted by Apache
Status: CLOSED DUPLICATE of bug 767229
Product: GlusterFS
Classification: Community
Component: access-control (Show other bugs)
mainline
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: shishir gowda
:
: GLUSTER-3841 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-07-15 13:00 EDT by Anand Avati
Modified: 2015-09-01 19:05 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-02 00:33:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Anand Avati 2011-07-15 10:11:41 EDT
Am 15.07.2011 18:43, schrieb Anand Avati:
> Can you please give the following outputs run as root?
>
> sh# ls -ld /<mnt>/clients/client23/web78/web/

drwx--x--- 16 web78 client23 4.0K 2011-07-15 16:55
/srv/www/clients/client23/web78/web/

> Also get us the output of /proc/<pid>/status of the running apache
> process.

One out of 118

Tgid:   32576
Pid:    32576
PPid:   14457
TracerPid:      0
Uid:    30      30      30      30
Gid:    8       8       8       8
FDSize: 64
Groups: 8 310 5003 5004 5004 5005 5006 5007 5008 5009 5010 5011 5012
5013 5014 5015 5016 5017 5018 5019 5020 5021 5022 5023 5024 5025 5028 5029
VmPeak:   390160 kB
VmSize:   385756 kB
VmLck:         0 kB
VmHWM:     28332 kB
VmRSS:     25384 kB
VmData:    17976 kB
VmStk:       136 kB
VmExe:       432 kB
VmLib:     35052 kB
VmPTE:       736 kB
VmSwap:      192 kB
Threads:        1
SigQ:   0/30830
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000001000
SigCgt: 000000018c0046eb
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
Cpus_allowed:   3
Cpus_allowed_list:      0-1
Mems_allowed:
00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list:      0
voluntary_ctxt_switches:        10177
nonvoluntary_ctxt_switches:     136

> Have you upgraded both the client and server to 3.2.2?

Gluster is used on two servers (which are at the same time clients) and
both have been upgraded to 3.2.2 (meanwhile downgraded back to 3.2.1).

Suprisingly, Postfix/Amavis on another Gluster volume went fine, also
from the (root) shell, I could access/create/move/delete files on the
web volume.
Comment 1 Anand Avati 2011-07-15 10:25:10 EDT
drwx--x--- 16 web78 client23 4.0K 2011-07-15 16:55
/srv/www/clients/client23/web78/web/

> Also get us the output of /proc/<pid>/status of the running apache
> process.

One out of 118

Tgid:   32576
Pid:    32576
PPid:   14457
TracerPid:      0
Uid:    30      30      30      30
Gid:    8       8       8       8
FDSize: 64
Groups: 8 310 5003 5004 5004 5005 5006 5007 5008 5009 5010 5011 5012
5013 5014 5015 5016 5017 5018 5019 5020 5021 5022 5023 5024 5025 5028 5029

OK, the problem here seems to be that you have > 16 aux groups. The protocol in 3.1/3.2 has support for carrying over 16 aux gids to the server, which was inherited from NFS' rpc-auth (unix/sys). If your application has fewer than 16 secondary groups, it will work fine for you. You will see this issue even with NFS.

We plan to bump up this limit in a future version of the protocol. But that would break compatibility. While we figure out a workaround for your situation, please continue to use 3.2.1.

Avati
Comment 2 Anand Avati 2011-07-15 13:00:37 EDT
Well... after having installed that version, my system is DOWN and broken.

Apache reports "Access denied" although the file is accessible and has
proper rights. Or the even simply does not exist which never harmed before.

[2011-07-15 16:58:47.494602] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote
operation failed: Permission denied
[2011-07-15 16:58:47.494716] W [fuse-bridge.c:184:fuse_entry_cbk]
0-glusterfs-fuse: 645442: LOOKUP() /clients/client23/web78/web/.htaccess
=> -1 (Permission denied)
[2011-07-15 16:58:47.496399] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote
operation failed: Permission denied
[2011-07-15 16:58:47.497217] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote
operation failed: Permission denied
[2011-07-15 16:58:47.497707] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote
operation failed: Permission denied
[2011-07-15 16:58:47.498199] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote
operation failed: Permission denied
[2011-07-15 16:58:47.498258] W [fuse-bridge.c:184:fuse_entry_cbk]
0-glusterfs-fuse: 645444: LOOKUP() /clients/client23/web78/web/error =>
-1 (Permission denied)
[2011-07-15 16:58:47.499366] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote
operation failed: Permission denied
[2011-07-15 16:58:47.499576] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote
operation failed: Permission denied
[2011-07-15 16:58:47.499634] W [fuse-bridge.c:184:fuse_entry_cbk]
0-glusterfs-fuse: 645446: LOOKUP() /clients/client23/web78/web/error =>
-1 (Permission denied)
[2011-07-15 16:58:47.502940] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote
operation failed: Permission denied
[2011-07-15 16:58:47.503405] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote
operation failed: Permission denied
[2011-07-15 16:58:47.503466] W [fuse-bridge.c:184:fuse_entry_cbk]
0-glusterfs-fuse: 645451: LOOKUP() /clients/client23/web78/web/.htaccess
=> -1 (Permission denied)
[2011-07-15 16:58:55.406148] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote
operation failed: Permission denied
[2011-07-15 16:58:55.406507] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote
operation failed: Permission denied
[2011-07-15 16:58:55.406566] W [fuse-bridge.c:184:fuse_entry_cbk]
0-glusterfs-fuse: 647556: LOOKUP() /clients/client23/web78/web/.htaccess
=> -1 (Permission denied)
[2011-07-15 16:58:55.409952] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-0: remote
operation failed: Permission denied
[2011-07-15 16:58:55.410355] I
[client3_1-fops.c:2228:client3_1_lookup_cbk] 0-www-client-1: remote
operation failed: Permission denied
[2011-07-15 16:58:55.410411] W [fuse-bridge.c:184:fuse_entry_cbk]
0-glusterfs-fuse: 647560: LOOKUP() /clients/client23/web78/web/.htaccess
=> -1 (Permission denied)
Comment 3 shishir gowda 2011-12-05 01:56:57 EST
*** Bug 3841 has been marked as a duplicate of this bug. ***
Comment 4 shishir gowda 2012-02-02 00:33:55 EST
Fix for bug 767229 has a patch for increasing the aux gid limit to 200.

*** This bug has been marked as a duplicate of bug 767229 ***

Note You need to log in before you can comment on or make changes to this bug.