Bug 962450 - POSIX ACLs fail display / apply / set on NFSv3 mounted Gluster filesystems [NEEDINFO]
POSIX ACLs fail display / apply / set on NFSv3 mounted Gluster filesystems
Status: CLOSED EOL
Product: GlusterFS
Classification: Community
Component: nfs (Show other bugs)
3.4.0-beta
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: bugs@gluster.org
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-13 10:14 EDT by James Yale
Modified: 2015-10-07 10:05 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-07 10:05:55 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
skoduri: needinfo? (james.yale)


Attachments (Terms of Use)

  None (edit)
Description James Yale 2013-05-13 10:14:55 EDT
Description of problem: Despite backend filesystems on bricks being mounted with ACL support and having POSIX ACLs applied to files and directories via clients using the Gluster fuse client the permissions are not reflected on an NFS client, nor can they be set via an NFS client.

Version-Release number of selected component (if applicable): 3.4beta1, 3.4alpha3, 3.4alpha2


How reproducible: 100%


Steps to Reproduce:
1. Spin up 2 bricks in replica mode, start a volume
2. Mount volume via Gluster fuse client (with -o acl), set ACLs on test file using setfacl, verify with getfacl
3. Verify extended permissions are present on brick file systems
4. Mount volume via NFS client (with -o acl), list files permissions via ls -la or getfacl
  
Actual results:
POSIX ACLs are not displayed with ls -la 
getfacl returns invalid argument when querying a file with ACLs.

Expected results:
ls -la displays files with + to indicate presence of POSIX ACLs
getfacl displays extended ACL detail

Additional info:

# The server
[jim@webcontent07 ~]$ rpm -qa | grep gluster
glusterfs-fuse-3.4.0-0.1.beta1.el6.x86_64
glusterfs-3.4.0-0.1.beta1.el6.x86_64
glusterfs-server-3.4.0-0.1.beta1.el6.x86_64

[jim@webcontent07 ~]$ sudo gluster volume create testvol replica 2 webcontent07.in.pri.arc.pun.net:/exports/testvol webcontent08.in.pri.arc.pun.net:/exports/testvol
volume create: testvol: success: please start the volume to access data
[jim@webcontent07 ~]$ sudo gluster volume start testvol
volume start: testvol: success

# On the client
[jim@puppet glustertest]$ rpm -qa | grep gluster
glusterfs-3.4.0-0.4.beta1.el6.x86_64
glusterfs-fuse-3.4.0-0.4.beta1.el6.x86_64

[jim@puppet glustertest]$ mkdir gluster
[jim@puppet glustertest]$ mkdir nfs
[jim@puppet glustertest]$ sudo mount -t glusterfs -o acl webcontent07:/testvol gluster/ 
[jim@puppet glustertest]$ sudo mount -t nfs -o vers=3,acl webcontent07:/testvol nfs/

# Create testfile
[jim@puppet glustertest]$ sudo touch gluster/testfile

# Verify file exists
[jim@puppet glustertest]$ ls -la gluster
drwxr-xr-x 3 root root 4096 May 13 15:08 .
drwxrwxr-x 4 jim  jim  4096 May 13 15:06 ..
-rw-r--r-- 1 root root 0 May 13 15:08 gluster/testfile

[jim@puppet glustertest]$ ls -la nfs
total 8
drwxr-xr-x 3 root root 4096 May 13 15:08 .
drwxrwxr-x 4 jim  jim  4096 May 13 15:06 ..
-rw-r--r-- 1 root root    0 May 13 15:08 testfile

# Verify file exists on server
[jim@webcontent07 ~]$ ls -la /exports/testvol/
total 16
drwxr-xr-x 3 root root 4096 May 13 15:08 .
drwxr-xr-x 8 root root 4096 May 13 15:05 ..
drw------- 5 root root 4096 May 13 15:08 .glusterfs
-rw-r--r-- 2 root root    0 May 13 15:08 testfile

# Set some extended ACLs
[jim@puppet glustertest]$ sudo setfacl -R -m g:apache:rwx gluster/testfile 

# Verify extended ACLs via gluster client
[jim@puppet glustertest]$ ls -la gluster/
total 8
drwxr-xr-x  3 root root 4096 May 13 15:08 .
drwxrwxr-x  4 jim  jim  4096 May 13 15:06 ..
-rw-rwxr--+ 1 root root    0 May 13 15:08 testfile
[jim@puppet glustertest]$ getfacl gluster/testfile 
# file: gluster/testfile
# owner: root
# group: root
user::rw-
group::r--
group:apache:rwx
mask::rwx
other::r--

# Verify ACLs on server
[jim@webcontent07 ~]$ ls -la /exports/testvol/
total 16
drwxr-xr-x  3 root root 4096 May 13 15:08 .
drwxr-xr-x  8 root root 4096 May 13 15:05 ..
drw-------  5 root root 4096 May 13 15:08 .glusterfs
-rw-rwxr--+ 2 root root    0 May 13 15:08 testfile

# Verify ACLs via NFS
[jim@puppet glustertest]$ ls -la nfs/
total 8
drwxr-xr-x 3 root root 4096 May 13 15:08 .
drwxrwxr-x 4 jim  jim  4096 May 13 15:06 ..
-rw-rwxr-- 1 root root    0 May 13 15:08 testfile
[jim@puppet glustertest]$ getfacl nfs/testfile 
getfacl: nfs/testfile: Invalid argument
Comment 1 johaven 2013-07-17 07:38:06 EDT
On debian based, the problem is reversed on 3.4 stable.

On Nfs3(mounted with acl) we can see the acl on files, and via gluster fuse client : acl on files do not appear.
Comment 2 Charles Nguyen 2013-08-08 13:12:27 EDT
This is also the case with the release version in the yum repository for CentOS. It works properly with FUSE, does not work with NFSv3.

[root@node003 ~]# rpm -qa | grep gluster
glusterfs-libs-3.4.0-8.el6.x86_64
glusterfs-server-3.4.0-8.el6.x86_64
glusterfs-3.4.0-8.el6.x86_64
glusterfs-cli-3.4.0-8.el6.x86_64
glusterfs-fuse-3.4.0-8.el6.x86_64
[root@node003 ~]# 

[root@node003 ~]# mount -t nfs -o vers=3,acl,tcp,noatime  node000:/test-data /mnt/test-data-nfs

[ctn@node003 test-data-nfs]$ getfacl *
getfacl: original: Invalid argument
getfacl: testing: Invalid argument
[ctn@node003 test-data-nfs]$ ls
original/  testing/
[ctn@node003 test-data-nfs]$ getfacl *
getfacl: original: Invalid argument
getfacl: testing: Invalid argument
Comment 3 Soumya Koduri 2015-02-27 05:14:08 EST
Can you please confirm it on the latest GlusterFS  mainline release?
Comment 4 Soumya Koduri 2015-02-27 05:14:36 EST
Can you please confirm it on the latest GlusterFS  mainline release?
Comment 5 Niels de Vos 2015-05-17 17:59:06 EDT
GlusterFS 3.7.0 has been released (http://www.gluster.org/pipermail/gluster-users/2015-May/021901.html), and the Gluster project maintains N-2 supported releases. The last two releases before 3.7 are still maintained, at the moment these are 3.6 and 3.5.

This bug has been filed against the 3,4 release, and will not get fixed in a 3.4 version any more. Please verify if newer versions are affected with the reported problem. If that is the case, update the bug with a note, and update the version if you can. In case updating the version is not possible, leave a comment in this bug report with the version you tested, and set the "Need additional information the selected bugs from" below the comment box to "bugs@gluster.org".

If there is no response by the end of the month, this bug will get automatically closed.
Comment 6 Kaleb KEITHLEY 2015-10-07 10:05:55 EDT
GlusterFS 3.4.x has reached end-of-life.

If this bug still exists in a later release please reopen this and change the version or open a new bug.

Note You need to log in before you can comment on or make changes to this bug.