Bug 843080 - Permission Denied error when executing userfiles from RHS (gluster) volume
Permission Denied error when executing userfiles from RHS (gluster) volume
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: glusterfs (Show other bugs)
2.0
x86_64 Linux
high Severity high
: ---
: ---
Assigned To: Amar Tumballi
Saurabh
:
Depends On:
Blocks: 843960
  Show dependency treegraph
 
Reported: 2012-07-25 10:16 EDT by Marcel Hergaarden
Modified: 2016-01-19 01:10 EST (History)
10 users (show)

See Also:
Fixed In Version: glusterfs-3.4.0qa5-1
Doc Type: Bug Fix
Doc Text:
Previously, a 'Permission Denied' error would occur while executing user files on Red Hat Storage volumes. Now, the access permissions are modified to execute user files on Red Hat Storage volumes.
Story Points: ---
Clone Of:
: 843960 (view as bug list)
Environment:
Last Closed: 2013-09-15 23:23:05 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 173173 None None None 2012-07-27 08:23:58 EDT

  None (edit)
Description Marcel Hergaarden 2012-07-25 10:16:29 EDT
Description of problem:

When a file has the following file permissions:  “rwx--x--x”  it should be executable for a regular (non-root) user.  This is true for a regular filesystem and NFS.

Within a glustervolume which has been mounted using the glusterfs-fuse option, it is not possible to run the executable which has above file permissions set. However, when the glustervolume has been mounted on a client using NFS as mountoption then the file can be executed as expected.

Version-Release number of selected component (if applicable):

RHSS 2.0

How reproducible:

Create a Glustervolume, copy an executable file into this volume.
Change the permissions to 711 rwx--x--x
Login as a non-root user and try to execute the executable file with above permissions. You will only get Permission Denied as a non-root user.

Steps to Reproduce:
1.Create RHS glustervolume, mount it using Fuse (glusterFS)
2.Create an executable file into the glustervolume and chmod this 711
3.Login as a normal user and try to execute that file with rwx--x--x permission
  
Actual results:

Permission Denied

Expected results:

Normal executable like in a regular filesystem

Additional info:

Those permissions are set by an application and cannot be altered.
It is very important to a customer who is prospect for RHSS 2.0
Comment 2 Amar Tumballi 2012-07-26 07:09:38 EDT
noticed that this is an issue because linux fs is handled differently for FMODE_EXEC (linux/fs.h) we don't handle that flag at all as of today... I noticed client got open flag as 0100040 and resulting converted flag was 0 (considering glusterfs.h took out O_LARGEFILE(0100000)), we didn't handle the flag in protocol convert, and hence came up with no read permissions in posix_acl_open()

-Amar
Comment 3 Amar Tumballi 2012-07-26 07:50:01 EDT
possible fix submitted @ http://review.gluster.com/3739
Comment 4 Sayan Saha 2012-07-27 08:37:58 EDT
Amar,

Let's plan for this fix to be pushed out in the next update i.e. update 2 for 2.0.z.
Comment 7 Amar Tumballi 2012-07-28 04:59:11 EDT
patch (http://review.gluster.com/3739 - acl: enable handling of FMODE_EXEC flag) approved and applied on upstream.
Comment 9 Pavithra 2013-08-27 05:55:25 EDT
Kindly verify the edited doc text for technical accuracy and sign off.
Comment 10 shishir gowda 2013-09-02 05:05:28 EDT
Doc text looks good to me
Comment 12 errata-xmlrpc 2013-09-15 23:23:05 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1262.html

Note You need to log in before you can comment on or make changes to this bug.