Bug 961670 - fuse-root-squash: read happens even
fuse-root-squash: read happens even
Status: CLOSED EOL
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: glusterd (Show other bugs)
2.1
x86_64 Linux
high Severity high
: ---
: ---
Assigned To: Bug Updates Notification Mailing List
Saurabh
: ZStream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-10 04:56 EDT by Saurabh
Modified: 2016-01-19 01:14 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
Cause: open-behind delaying the open calls Consequence: in fuse when root-squash is enabled, the file can be read even though it does not have read permissions i.e root requests will be converted to nfsnobody and as per the file permissions nfsnobody does not have the read permission. Workaround (if any): Turn off open-behind Result: With open-behind turned off it behaves properly i.e file with no read permissions for others cannot be read upon requests getting root-squashed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-03 12:25:00 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Saurabh 2013-05-10 04:56:19 EDT
Description of problem:
root-squash enabled and still from fuse mount the file can be read whereas from nfs mount point it works fine

Version-Release number of selected component (if applicable):
glusterfs-3.4.0.5rhs-1.el6rhs.x86_64

How reproducible:
Happening on this build, always.

Steps to Reproduce:
1. volume create, start volume
2. nfs and fuse mount on different clients
3. on nfs mount, create a file "f"
4. on nfs mount point, chmod 700 f
5. root-squash enable
6. on nfs mount , cat a and cat >> a
7. on fuse mount, cat a and cat >> a
  
Actual results:
logs of nfs mount,
[root@rhel6 nfs-test]# cat a
cat: a: Permission denied
[root@rhel6 nfs-test]# cat >> a
-bash: a: Permission denied
[root@rhel6 nfs-test]#

logs of fuse mount,
[root@rhsauto020 glusterfs-test]# cat a
Hello World
I am here
[root@rhsauto020 glusterfs-test]# 
[root@rhsauto020 glusterfs-test]# cat >> a
boom 
cat: write error: Permission denied
cat: write error: Permission denied
[root@rhsauto020 glusterfs-test]# 

[root@rhsauto020 glusterfs-test]# ls -l
total 1
-rwx------. 1 root root 22 May 10 07:22 a
drwxr-xr-x. 2 root root 36 May 10 07:01 dir
-rw-r--r--. 1 root root  0 May 10 14:12 l


/var/log/glusterfs/<mount-point>.log

[2013-05-10 08:46:56.687226] I [client-handshake.c:450:client_set_lk_version_cbk] 0-dist-rep-client-10: Server lk version = 1
[2013-05-10 08:47:32.699920] W [client-rpc-fops.c:464:client3_3_open_cbk] 0-dist-rep-client-10: remote operation failed: Permission denied. Path: /a (2e2463f0-c62f-4400-b27e-77f014e7f2bd)
[2013-05-10 08:47:32.700066] W [client-rpc-fops.c:464:client3_3_open_cbk] 0-dist-rep-client-11: remote operation failed: Permission denied. Path: /a (2e2463f0-c62f-4400-b27e-77f014e7f2bd)
[2013-05-10 08:47:32.700129] W [fuse-bridge.c:2127:fuse_writev_cbk] 0-glusterfs-fuse: 252: WRITE => -1 (Permission denied)
[2013-05-10 08:47:32.700884] W [fuse-bridge.c:1132:fuse_err_cbk] 0-glusterfs-fuse: 253: FLUSH() ERR => -1 (Permission denied)
[2013-05-10 08:47:43.946713] W [client-rpc-fops.c:2058:client3_3_create_cbk] 0-dist-rep-client-0: remote operation failed: Permission denied. Path: /m
[2013-05-10 08:47:43.946969] W [client-rpc-fops.c:2058:client3_3_create_cbk] 0-dist-rep-client-1: remote operation failed: Permission denied. Path: /m
[2013-05-10 08:47:43.947048] W [fuse-bridge.c:1829:fuse_create_cbk] 0-glusterfs-fuse: 257: /m => -1 (Permission denied)
[2013-05-10 08:47:43.948254] W [defaults.c:1291:default_release] (-->/usr/lib64/glusterfs/3.4.0.4rhs/xlator/cluster/replicate.so(afr_create_done+0x13d) [0x7fd6af776c3d] (-->/usr/lib64/glusterfs/3.4.0.4rhs/xlator/cluster/replicate.so(afr_local_cleanup+0x15c) [0x7fd6af7aecac] (-->/usr/lib64/libglusterfs.so.0(fd_unref+0x144) [0x7fd6b63f8c24]))) 0-fuse: xlator does not implement release_cbk
[2013-05-10 08:49:46.261745] W [client-rpc-fops.c:464:client3_3_open_cbk] 0-dist-rep-client-11: remote operation failed: Permission denied. Path: /a (2e2463f0-c62f-4400-b27e-77f014e7f2bd)
[2013-05-10 08:49:46.261866] W [client-rpc-fops.c:464:client3_3_open_cbk] 0-dist-rep-client-10: remote operation failed: Permission denied. Path: /a (2e2463f0-c62f-4400-b27e-77f014e7f2bd)
[2013-05-10 08:49:46.261924] W [fuse-bridge.c:2127:fuse_writev_cbk] 0-glusterfs-fuse: 287: WRITE => -1 (Permission denied)
[2013-05-10 08:49:46.262766] W [fuse-bridge.c:1132:fuse_err_cbk] 0-glusterfs-fuse: 288: FLUSH() ERR => -1 (Permission denied)


Expected results:

the read is suppose to fail, write should not wait for write and say "Permission Denied", rather an attempt to write should fail directly.

Additional info:
Comment 2 Raghavendra Bhat 2013-05-13 07:47:04 EDT
Can you please turn off open-behind xlator and check if the same issue happens?
Comment 5 Raghavendra Bhat 2013-05-15 07:24:16 EDT
I repeated the below steps:

1. volume create, start volume
2. fuse mount
3. on fuse mount, create a file "f"
4. on fuse mount point, chmod 700 f
5. root-squash enable
6. turn off open-behind.
6. on fuse mount , cat a and cat >> a

I got the proper o/p as mentioned in comment #1.

cat file
cat: file: Permission denied
[root@hp-dl380pgen8-02-vm-12 glusterfs]# cat >> file
bash: file: Permission denied

ls -l file
-rwx------ 1 root root 5 May 15 07:19 file


Volume Name: mirror
Type: Replicate
Volume ID: 46d13827-7b3b-4dc9-a599-85e299e089d4
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: hp-dl380pgen8-02-vm-11.lab.bos.redhat.com:/export/mirror
Brick2: hp-dl380pgen8-02-vm-13.lab.bos.redhat.com:/export/mirror
Options Reconfigured:
performance.open-behind: off
server.root-squash: enable

As of now the work around for the issue is turning off open-behind.
Comment 6 Vivek Agarwal 2015-12-03 12:25:00 EST
Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release for which you requested us to review, is now End of Life. Please See https://access.redhat.com/support/policy/updates/rhs/

If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release.

Note You need to log in before you can comment on or make changes to this bug.