Bug 862908 - glusterfs ACL permission denied problem
Product: GlusterFS
Classification: Community
Component: stat-prefetch
Priority: medium
Severity: unspecified
Assigned To: bugs@gluster.org
: Reopened
Reported: 2012-10-03 16:52 EDT by cervajs
Modified: 2017-05-30 08:14 EDT

Last Closed: 2015-10-07 09:19:14 EDT
Attachments:
These are some of the brick logs which fill up log files with several Gigabytes per Day. (48.90 KB, text/plain)
2017-05-30 05:21 EDT, Jules
Description cervajs 2012-10-03 16:52:29 EDT
Description of problem:
Access to data with the native glusterfs client with ACL enabled is denied with a "permission denied" message.

Version-Release number of selected component (if applicable):
node1,node2 - rhel 6.3 x64, glusterfs RPMS 3.3.0 from glusterfs.org
client - rhel 6.3 i386 - compiled rpms from tarball from glusterfs.org

How reproducible:


Steps to Reproduce:

one replicated volume, filesystem XFS/EXT4(wACL), 
mounted on client with glusterfs native client with -o acl to /glusterfs

root# mkdir /glusterfs/testdir
root# setfacl -Rm g:apache:rwx,d:g:apache:rwx /glusterfs/testdir
root# su - apache
apache$ ls /glusterfs/testdir
ls: cannot open directory /glusterfs/testdir/: Permission denied

Without glusterfs ACL it works OK.

Actual results:

Expected results:

Additional info:
Comment 1 cervajs 2012-10-03 17:02:05 EDT
I tried it now from a 64-bit rhel6.3 client and it works.

It looks like an i386 (client) vs x86_64 (server) bug.
Comment 2 infinality 2012-12-04 10:25:38 EST
I am experiencing the same problem on RHEL 5.8. ACLs work fine with 64-bit systems, but not i386 systems, which always results in "Permission Denied" unless you are root.
Comment 3 shishir gowda 2013-03-12 06:09:05 EDT
Can you please try mounting the client with "enable-ino32" option and check if the issue is fixed?
Comment 4 cervajs 2013-03-12 19:38:32 EDT
Updated to 3.3.1. Nothing changed. The problem persists.

With ino32 I have this problem:

[root@dev ~]# mount -t glusterfs -o enable-ino32 gfs1.local:/gv0 /gfs
unknown option enable-ino32 (ignored)
Comment 5 shishir gowda 2013-03-14 07:34:35 EDT
Support for enable-ino32 is not present in 3.3.1. Release 3.4.0alpha2 has the fix.
Comment 6 shishir gowda 2013-06-04 05:53:37 EDT
Can you please confirm if the issue still exists in the 3.4.0alpha2 release when using the enable-ino32 option?
Comment 7 Raul Rodrigo 2013-11-09 06:19:41 EST
Hi, I have the same problem.
I tried it on Ubuntu and Arch Linux on 32 bits with gluster version 3.4.1.
I did:
/mnt partition xfs/ext4(with acl)
1. gluster volume create test transport tcp my-server:/mnt/.data
2. gluster volume start test
3. mount -t glusterfs -o acl my-server:/test /mnt/test
4. mkdir /mnt/test/folder
5. chown nobody:nogroup /mnt/test/folder
6. chmod 770 /mnt/test/folder
7. setfacl -m u:user1:rwx /mnt/test/folder
8. su user1
9. cd /mnt/test/folder -----> permission denied

Alternatively:
2.5 (between steps 2 and 3): gluster volume set test stat-prefetch disable
Result: does not work
3bis (instead of 3, with or without step 2.5): mount -t glusterfs -o acl,enable-ino32 my-server:/test /mnt/test
Result: does not work

I tried on Ubuntu 12.04, 12.04.3 and Arch Linux. On 64 bits it works fine, but on 32 bits on none.
Comment 8 David Montalva 2013-11-13 07:30:23 EST
Are there any tests we can do to unblock this bug?
Comment 9 cervajs 2013-11-13 15:04:54 EST
glusterfs 3.4.0 on both nodes

[root@kernel]# mount -t glusterfs -o acl monitor.freevoice:/gfsdata /gfsdata
[root@kernel]# su - apache
-bash-4.1$ ls /gfsdata/testdir/
ls: cannot open directory /gfsdata/testdir/: Permission denied

[root@kernel]# umount  /gfsdata
[root@kernel]# mount -t glusterfs monitor.freevoice:/gfsdata /gfsdata
[root@kernel]# su - apache
-bash-4.1$ ls /gfsdata/testdir/

[root@kernel ~]# mount -t glusterfs -o acl,enable-ino32 monitor.freevoice:/gfsdata /gfsdata
[root@kernel ~]# su - apache
-bash-4.1$ ls /gfsdata/testdir/
ls: cannot open directory /gfsdata/testdir/: Permission denied

BTW, info about the ACL attribute is missing (mounted with -o acl):
monitor.freevoice:/gfsdata on /gfsdata type fuse.glusterfs (rw,allow_other,max_read=131072)
Comment 10 cervajs 2013-11-14 03:16:21 EST
it was tested on 3.4.1, not on 3.4.0
Comment 12 cervajs 2014-05-27 10:06:03 EDT
any news?
Comment 13 cervajs 2014-05-27 10:39:58 EDT


rpms from gluster.org

still the same problem
Comment 14 cervajs 2014-07-30 14:50:24 EDT
any news?
Comment 15 Niels de Vos 2015-05-17 17:58:09 EDT
GlusterFS 3.7.0 has been released (http://www.gluster.org/pipermail/gluster-users/2015-May/021901.html), and the Gluster project maintains N-2 supported releases. The last two releases before 3.7 are still maintained, at the moment these are 3.6 and 3.5.

This bug has been filed against the 3.4 release, and will not get fixed in a 3.4 version any more. Please verify if newer versions are affected with the reported problem. If that is the case, update the bug with a note, and update the version if you can. In case updating the version is not possible, leave a comment in this bug report with the version you tested, and set the "Need additional information the selected bugs from" below the comment box to "bugs@gluster.org".

If there is no response by the end of the month, this bug will get automatically closed.
Comment 16 Kaleb KEITHLEY 2015-10-07 09:19:14 EDT
GlusterFS 3.4.x has reached end-of-life.

If this bug still exists in a later release please reopen this and change the version or open a new bug.
Comment 17 Jules 2017-05-30 05:04:47 EDT
I just ran into this bug.
It still occurs in the latest glusterfs 3.10 release.

The only workaround to get rid of it is to set: stat-prefetch disable
Comment 18 Pranith Kumar K 2017-05-30 05:06:46 EDT
Do you know anything about this issue?
Comment 19 Jules 2017-05-30 05:21 EDT
Created attachment 1283367
These are some of the brick logs which fill up log files with several Gigabytes per Day.
Comment 20 Jules 2017-05-30 08:14:16 EDT
Changing ACLs, like removing some with: setfacl -b <directory/file>, seems not to work with stat-prefetch enabled, which seems to be the default setting.
I have tried with nfs3 gfs and the glusterfs fuse client.

But apart from millions of exceptions getting logged as shown in the attachment (I needed to raise diagnostics.brick-log-level: WARNING to prevent flooding my disk), access to those directories and files on the client side seems to be working.
So I'm wondering where the tons of permission denied come from?
