GlusterFS Version: 3.2.5
Linux Distro: Ubuntu Server 10.04.3 LTS
Kernel Version: 2.6.32-35-server #78-Ubuntu SMP Tue Oct 11 16:26:12 UTC 2011 x86_64 GNU/Linux

I have a Linux server that is joined to a Microsoft Active Directory domain through Samba. This same server runs glusterd and mounts the hosted gluster file systems to local mount points which are then shared out via Samba. This actually happens across two servers that mirror file systems which makes glusterfs important but I believe is not necessarily important for this bug report.

The underlying file system that glusterd hosts off of is ext4 and is mounted with the "acl" option. The glusterfs mount points are also mounted with the "acl" option.

The problem I am experiencing is that the glusterfs mount points do not seem to respect all of my user's group memberships through Samba. However if I access the files directly though the ext4 file system the group membership is respected.

Currently this problem is a blocker for me using glusterfs in a project I'm working on, so it feels rather important to me. I understand if this problem is of lower priority for the glusterfs devs though.

I originally thought this problem may be related to bug 764911 & 3792 (16 group membership limit) but after talking with some people in #gluster it was suggested I should file a new bug report.

As a side note looking into one of the ways NFS handles the 16 group membership limit I found the following article http://goo.gl/Z2rCL which recommends the NFS server flag "--manage-gids". If I am running into the 16 group membership limit glusterd implementing something like --manage-gids would be ideal for me.

Here is a example of what I am experiencing. Let me know if I can provide any more information that would be helpful. Thanks.

$ cat /etc/mtab 
...
/dev/mapper/extrastorage-glusterfs /mnt/glusterfs ext4 rw,acl 0 0
gluster:/iis /mnt/iis fuse.glusterfs rw,allow_other,max_read=131072 0 0
gluster:/sites /mnt/sites fuse.glusterfs rw,allow_other,max_read=131072 0 0

$ id
uid=1000004483(auser) gid=1000000513(agroup) groups=100001762(group00),100011164(group01),100024554(group02),100047776(group03),100056591(group04),1000000512(group05),1000000513(group06),1000000519(group07),1000000572(group08),1000001138(group09),1000001139(group10),1000001140(group11),1000001307(group12),1000001437(group13),1000001605(group14),1000001606(group15),1000001607(group16),1000032963(group17),1000034638(group18),1000034641(group19),1000036325(group20),1000042568(group21),1000045344(group22),1000045345(group23),1000045346(group24),1000045347(group25),1000045351(group26),1000056421(group27),1000056617(group28),1000056664(group29),1000056867(group30),1000056868(group31),1000056869(group32),1000056870(group33),1000058224(group34),1000058509(group35)

$ getfacl /mnt/iis
getfacl: Removing leading '/' from absolute path names
# file: mnt/iis
# owner: root
# group: root
# flags: -s-
user::rwx
group::r-x
group:group05:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:group05:rwx
default:mask::rwx
default:other::r-x

$ touch /mnt/iis/afile

$ ls -l /mnt/iis
-rw-r--r--+ 1 auser root     0 2011-12-02 10:27 afile

$ getfacl /mnt/sites
getfacl: Removing leading '/' from absolute path names
# file: mnt/sites
# owner: root
# group: root
# flags: -s-
user::rwx
group::rwx
group:group28:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:group28:rwx
default:mask::rwx
default:other::---

$ touch /mnt/sites/afile
touch: cannot touch `/mnt/sites/afile': Permission denied

$ ls -l /mnt/sites/
ls: cannot open directory /mnt/sites/: Permission denied

$ getfacl /mnt/glusterfs/sites
getfacl: Removing leading '/' from absolute path names
# file: mnt/glusterfs/sites
# owner: root
# group: root
# flags: -s-
user::rwx
group::rwx
group:group28:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:group28:rwx
default:mask::rwx
default:other::---

$ ls -l /mnt/glusterfs/sites
drwxrws---+ 2 root root 4096 2011-11-21 09:26 afolder