Bug 887263 - gnfs-root-squash: read successful from nfsnobody for files created by root
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: glusterd
Version: 2.0
Hardware: x86_64 Linux
Priority: medium
Severity: high
Assigned To: vpshastry
QA Contact: Saurabh
Reported: 2012-12-14 08:42 EST by Saurabh
Modified: 2016-01-19 01:11 EST
Fixed In Version: glusterfs-3.4.0qa8, glusterfs-3.3.0.5rhs-42
Doc Type: Bug Fix
Doc Text:
Cause:
Consequence: Read was successful while root-squashing was on, which is not the expected behavior with root-squash on.
Fix: Made changes to the NFS access call.
Result: It is not possible to read a file that gives nfsnobody no read permission while root-squash is on.
Last Closed: 2013-04-08 00:54:57 EDT
Type: Bug
Description Saurabh 2012-12-14 08:42:11 EST
Description of problem:

------------   
On server
------------
[root@localhost ~]# gluster volume info dist-rep
 
Volume Name: dist-rep
Type: Distributed-Replicate
Volume ID: 3a9fb84b-6f4b-4bd6-aa2b-6fe86fbc44be
Status: Started
Number of Bricks: 2 x 2 = 4
Transport-type: tcp
Bricks:
Brick1: 10.70.37.148:/export/dr
Brick2: 10.70.37.149:/export/drr
Brick3: 10.70.37.164:/export/ddr
Brick4: 10.70.37.101:/export/ddrr
Options Reconfigured:
features.root-squashing: enable

------------- 
On client
-------------

"with root user" (specifically since root-squash is enabled, so it behaves like nfsnobody)
[root@dhcp159-239 dir]# ls -l
drwxr-xr-x. 3 root      root      46 Dec 12 19:14 dir-n1

[root@dhcp159-239 dir]# ls -l dir-n1/1
-rwxrwx---. 1 root root 16 Dec 13 19:28 dir-n1/1
[root@dhcp159-239 dir]# 



[root@dhcp159-239 dir]# cat dir-n1/1
Hello 1\
jilted
[root@dhcp159-239 dir]# 

[root@dhcp159-239 dir]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023



"after adding a new user called as dev1 under a new group called as devel"

[dev1@dhcp159-239 dir]$ cat dir-n1/1
cat: dir-n1/1: Permission denied
[dev1@dhcp159-239 dir]$ 

[dev1@dhcp159-239 dir]$ id
uid=500(dev1) gid=501(dev1) groups=501(dev1),500(devel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[dev1@dhcp159-239 dir]$ 



Other than this problem, found out some other issue as well, hence filed this bug-887145.

Version-Release number of selected component (if applicable):
glusterfs-3.3.0.5rhs-37.el6rhs.0.goldman.x86_64

How reproducible:
always
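
A model of the access decision that the Doc Text describes, added here as an example; it is not GlusterFS code and not part of the original report. It assumes the NFSv3 ACCESS bit values from RFC 1813, nfsnobody mapped to id 65534, and that gid 0 is squashed in the supplementary group list as well; `access3_file`, `squash` and the struct names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* NFSv3 ACCESS bits (RFC 1813) that apply to a regular file. */
#define ACCESS3_READ    0x0001u
#define ACCESS3_MODIFY  0x0004u
#define ACCESS3_EXTEND  0x0008u
#define ACCESS3_EXECUTE 0x0020u
#define ANON_ID         65534u  /* assumption: uid/gid of nfsnobody on the server */
struct cred { uint32_t uid, gid; const uint32_t *groups; size_t ngroups; };
struct attr { uint32_t uid, gid, mode; };

/* Root squash: an id of 0 sent by the client is replaced by the anonymous id. */
static uint32_t squash(uint32_t id, bool rs) { return (rs && id == 0) ? ANON_ID : id; }

static bool in_group(const struct cred *c, uint32_t gid, bool rs)
{
    if (squash(c->gid, rs) == gid) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (squash(c->groups[i], rs) == gid) return true;
    return false;
}

/* ACCESS reply for a regular file, decided on the squashed credential only. */
uint32_t access3_file(const struct cred *c, const struct attr *f, bool rs)
{
    uint32_t uid = squash(c->uid, rs), rwx;
    if (uid == 0)                     rwx = 6 | ((f->mode & 0111) ? 1 : 0); /* unsquashed root */
    else if (uid == f->uid)           rwx = (f->mode >> 6) & 7;
    else if (in_group(c, f->gid, rs)) rwx = (f->mode >> 3) & 7;
    else                              rwx = f->mode & 7;
    return ((rwx & 4) ? ACCESS3_READ : 0) |
           ((rwx & 2) ? ACCESS3_MODIFY | ACCESS3_EXTEND : 0) |
           ((rwx & 1) ? ACCESS3_EXECUTE : 0);
}

/* Constructed from the report: dir-n1/1 is root:root with mode 0770. */
static const uint32_t root_groups[] = {0, 1, 2, 3, 4, 6, 10};
static const uint32_t dev1_groups[] = {501, 500};
const struct cred client_root = {0, 0, root_groups, 7};
const struct cred client_dev1 = {500, 501, dev1_groups, 2};
const struct attr file_1 = {0, 0, 0770};

int main(void)
{
    printf("root, squash on:  0x%02x\n", (unsigned)access3_file(&client_root, &file_1, true));
    printf("root, squash off: 0x%02x\n", (unsigned)access3_file(&client_root, &file_1, false));
    return 0;
}
```

With root-squash on, the client's root credential gets no bits for the 0770 file, the same answer dev1 gets; the `cat` in the report succeeding is the case this check rejects.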
Comment 2 Raghavendra Bhat 2013-01-23 06:59:56 EST
http://review.gluster.org/#change,4415 has been submitted for review.
Comment 3 Divya 2013-02-12 07:03:50 EST
Varun,

This bug has been added to Update 4 errata. Could you provide your inputs in the doc text field, which will enable me to update the errata?

Thanks,
Divya
Comment 5 Scott Haines 2013-04-08 00:54:57 EDT
Moving bug to CLOSED -> ERRATA.  Issue addressed in Advisory RHSA-2013:0691

http://rhn.redhat.com/errata/RHSA-2013-0691.html
