Red Hat Bugzilla – Bug 843080
Permission Denied error when executing userfiles from RHS (gluster) volume
Last modified: 2016-01-19 01:10:29 EST
Description of problem:
When a file has the following file permissions: “rwx--x--x” it should be executable for a regular (non-root) user. This is true for a regular filesystem and NFS.
Within a glustervolume which has been mounted using the glusterfs-fuse option, it is not possible to run the executable which has above file permissions set. However, when the glustervolume has been mounted on a client using NFS as mountoption then the file can be executed as expected.
Version-Release number of selected component (if applicable):
Create a Glustervolume, copy an executable file into this volume.
Change the permissions to 711 rwx--x--x
Login as a non-root user and try to execute the executable file with above permissions. You will only get Permission Denied as a non-root user.
Steps to Reproduce:
1.Create RHS glustervolume, mount it using Fuse (glusterFS)
2.Create an executable file into the glustervolume and chmod this 711
3.Login as a normal user and try to execute that file with rwx--x--x permission
Normal executable like in a regular filesystem
Those permissions are set by an application and cannot be altered.
It is very important to a customer who is prospect for RHSS 2.0
noticed that this is an issue because linux fs is handled differently for FMODE_EXEC (linux/fs.h) we don't handle that flag at all as of today... I noticed client got open flag as 0100040 and resulting converted flag was 0 (considering glusterfs.h took out O_LARGEFILE(0100000)), we didn't handle the flag in protocol convert, and hence came up with no read permissions in posix_acl_open()
possible fix submitted @ http://review.gluster.com/3739
Let's plan for this fix to be pushed out in the next update i.e. update 2 for 2.0.z.
patch (http://review.gluster.com/3739 - acl: enable handling of FMODE_EXEC flag) approved and applied on upstream.
Kindly verify the edited doc text for technical accuracy and sign off.
Doc text looks good to me
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.