Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
The GlusterFS volume has root-squashing disabled by default and is not desirable in production environments. With root squashing enabled, if a RHS volume is accessed from a client using the "root" user id then the incoming requests are converted to user "nobody". The Gluster CLI does not allow enabling this feature. gluster> volume set gvol0 root-squashing enable option : root-squashing does not exist Did you mean count-fop-hits or flush-behind? Set volume unsuccessful
>> root squashing is disabled by default and can be turned on by >> >> "gluster volume set<VOLNAME> root-squashing on" >> > Thanks. Is there a feature page with supported usecase against this? Not sure about any feature pages. However, the functionality should be the same as for RHEL NFS-servers. From 'man 5 exports' on a RHEL NFS-server: root_squash Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive, such as user bin or group staff. Testing should be done by mounting a volume and do some file operations as root. These operations should be executed as user nobody instead. From my understanding, both volumes mounted over NFS and GlusterFS-native should be affected.
According to customer testing, with root squashing enabled the "write" behavior is correct but the "read" behavior is incorrect ie "others" are allowed access even though the permission is set to 770.
Moving the bug to ON_QA as the CLI option is now available for root-squashing. And there are different bugs opened for tracking issues like comment #7 (bug 887145 and bug 887263)
Upstream Bug 896408: Gluster CLI does not allow setting root squashing.
Varun, This bug has been added to Update 4 errata. Could you provide your inputs in doc text field which will enable me to update errata?? Thanks, Divya
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0691.html