Bug 862908 - glusterfs ACL permission denied problem
Status: CLOSED EOL
Product: GlusterFS
Classification: Community
Component: access-control
Version: 3.4.1
Hardware: Unspecified, OS: Unspecified
Priority: medium, Severity: unspecified
Assigned To: Nagaprasad Sathyanarayana
Reported: 2012-10-03 16:52 EDT by cervajs
Modified: 2016-02-17 19:20 EST
Doc Type: Bug Fix
Last Closed: 2015-10-07 09:19:14 EDT
Type: Bug
Description cervajs 2012-10-03 16:52:29 EDT
Description of problem:
Access to data with the native glusterfs client with ACL enabled is denied with a "permission denied" message.



Version-Release number of selected component (if applicable):
node1,node2 - rhel 6.3 x64, glusterfs RPMS 3.3.0 from glusterfs.org
client - rhel 6.3 i386 - compiled rpms from tarball from glusterfs.org

How reproducible:

always

Steps to Reproduce:

one replicated volume, filesystem XFS/EXT4(wACL), 
mounted on client with glusterfs native client with -o acl to /glusterfs

root# mkdir /glusterfs/testdir
root# setfacl -Rm g:apache:rwx,d:g:apache:rwx /glusterfs/testdir
root# su - apache
apache$ ls /glusterfs/testdir
ls: cannot open directory /glusterfs/testdir/: Permission denied

without glusterfs ACL works ok  


Actual results:


Expected results:


Additional info:
Comment 1 cervajs 2012-10-03 17:02:05 EDT
I tried it now from a 64-bit rhel6.3 client and it works.

It looks like an i386 (client) vs x86_64 (server) bug.
Comment 2 infinality 2012-12-04 10:25:38 EST
I am experiencing the same problem on RHEL 5.8.  ACLs work fine with 64 bit systems, but not i386 systems, which always result in "Permission Denied" unless you are root.
Comment 3 shishir gowda 2013-03-12 06:09:05 EDT
Can you please try mounting the client with "enable-ino32" option and check if the issue is fixed?
Comment 4 cervajs 2013-03-12 19:38:32 EDT
Updated to 3.3.1. Nothing changed. The problem persists.

With ino32 I have this problem:

[root@dev ~]# mount -t glusterfs -o enable-ino32 gfs1.local:/gv0 /gfs
unknown option enable-ino32 (ignored)
Comment 5 shishir gowda 2013-03-14 07:34:35 EDT
Support for enable-ino32 is not present in 3.3.1. Release 3.4.0alpha2 has the fix.
Comment 6 shishir gowda 2013-06-04 05:53:37 EDT
Can you please confirm if the issue still exists in the 3.4.0alpha2 release when using the enable-ino32 option?
Comment 7 Raul Rodrigo 2013-11-09 06:19:41 EST
Hi, I have the same problem.
I tried it on Ubuntu and Arch Linux on 32 bits with gluster version 3.4.1.
I did:
/mnt partition xfs/ext4(with acl)
1. gluster volume create test transport tcp my-server:/mnt/.data
2. gluster volume start test
3. mount -t glusterfs -o acl my-server:/test /mnt/test
4. mkdir /mnt/test/folder
5. chown nobody:nogroup /mnt/test/folder
6. chmod 770 /mnt/test/folder
7. setfacl -m u:user1:rwx /mnt/test/folder
8. su user1
9. cd /mnt/test/folder -----> permission denied

Alternatively:
2.5 (between steps 2 and 3): gluster volume set test stat-prefetch disable
Result: does not work
3bis (instead of 3, with or without step 2.5): mount -t glusterfs -o acl,enable-ino32 my-server:/test /mnt/test
Result: does not work

I tried on Ubuntu 12.04, 12.04.3 and Arch Linux. On 64 bits it works fine, but on 32 bits on none.
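
Added example (not part of the thread, and not GlusterFS code): the standard POSIX ACL check order applied to a constructed getfacl listing for the steps in Comment 7, showing that user1 should be granted access, which is the result the thread reports for 64-bit clients. It also handles named groups and the mask, which goes beyond the single case above. SAMPLE_ACL, parse_getfacl and expected_access are names made up for this illustration.

```python
# Added illustration: the decision a POSIX ACL check should reach for Comment 7.
# SAMPLE_ACL is constructed (what getfacl would list after steps 4-7), not
# output captured from the reporter's system. Root's override is not modelled.
SAMPLE_ACL = """\
# file: mnt/test/folder
# owner: nobody
# group: nogroup
user::rwx
user:user1:rwx
group::rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms_set), ...])."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Drop trailing "#effective:..." notes, then split tag:qualifier:perms.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qualifier, set(perms) - {"-"}))
    return owner, group, entries

def expected_access(text, user, groups, want):
    """Check order: owner, named user, group class (masked), then other."""
    owner, group, entries = parse_getfacl(text)
    want = set(want)

    def find(tag, qualifier):
        return [p for t, q, p in entries if t == tag and q == qualifier]

    mask = (find("mask", "") or [set("rwx")])[0]
    if user == owner:
        return want <= find("user", "")[0]
    if find("user", user):
        return want <= (find("user", user)[0] & mask)
    matched = [p for g in groups
               for p in find("group", g) + (find("group", "") if g == group else [])]
    if matched:
        return any(want <= (p & mask) for p in matched)
    return want <= find("other", "")[0]
```

Comparing `expected_access(SAMPLE_ACL, "user1", ["user1"], "x")` with what `cd` actually does on the mount separates a wrong ACL from a client that evaluates a correct ACL wrongly.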
Comment 8 David Montalva 2013-11-13 07:30:23 EST
Are there any tests we can do to unblock this bug?

Thanks.
Comment 9 cervajs 2013-11-13 15:04:54 EST
glusterfs 3.4.0 on both nodes

[root@kernel]# mount -t glusterfs -o acl monitor.freevoice:/gfsdata /gfsdata
[root@kernel]# su - apache
-bash-4.1$ ls /gfsdata/testdir/
ls: cannot open directory /gfsdata/testdir/: Permission denied


[root@kernel]# umount  /gfsdata
[root@kernel]# mount -t glusterfs monitor.freevoice:/gfsdata /gfsdata
[root@kernel]# su - apache
-bash-4.1$ ls /gfsdata/testdir/
-bash-4.1$

[root@kernel ~]# mount -t glusterfs -o acl,enable-ino32 monitor.freevoice:/gfsdata /gfsdata
[root@kernel ~]# su - apache
-bash-4.1$ ls /gfsdata/testdir/
ls: cannot open directory /gfsdata/testdir/: Permission denied



BTW there is missing info about ACL attribute (mounted with -o acl)
[root@kernel]#mount 
monitor.freevoice:/gfsdata on /gfsdata type fuse.glusterfs (rw,allow_other,max_read=131072)
Comment 10 cervajs 2013-11-14 03:16:21 EST
it was tested on 3.4.1, not on 3.4.0
Comment 12 cervajs 2014-05-27 10:06:03 EDT
any news?
Comment 13 cervajs 2014-05-27 10:39:58 EDT
tested 

client:glusterfs-3.5.0-2.el6.i686
server:glusterfs-3.5.0-2.el6.x86_64

rpms from gluster.org

still the same problem
Comment 14 cervajs 2014-07-30 14:50:24 EDT
any news?
Comment 15 Niels de Vos 2015-05-17 17:58:09 EDT
GlusterFS 3.7.0 has been released (http://www.gluster.org/pipermail/gluster-users/2015-May/021901.html), and the Gluster project maintains N-2 supported releases. The last two releases before 3.7 are still maintained, at the moment these are 3.6 and 3.5.

This bug has been filed against the 3.4 release, and will not get fixed in a 3.4 version any more. Please verify if newer versions are affected with the reported problem. If that is the case, update the bug with a note, and update the version if you can. In case updating the version is not possible, leave a comment in this bug report with the version you tested, and set the "Need additional information the selected bugs from" below the comment box to "bugs@gluster.org".

If there is no response by the end of the month, this bug will get automatically closed.
Comment 16 Kaleb KEITHLEY 2015-10-07 09:19:14 EDT
GlusterFS 3.4.x has reached end-of-life.

If this bug still exists in a later release please reopen this and change the version or open a new bug.
