I created a file with 'root' as owner and group, and removed the permissions for group and others.

debian-server1:/ment# getfacl x
# file: x
# owner: root
# group: root
user::rwx
group::---
other::---

Now I cd into an NFS mount with another login, 'acl'. This user is able to read and write even though he doesn't have any permissions on it.

debian-server1:/mont$ whoami
acl
debian-server1:/mont$ cat x
Line 1
Line 2
Line3 form nfs acl
This issue was seen on a distribute setup. I tried this on a plain distribute setup with a single export and found this. Didn't happen on a 2-replica setup.

As root:

[root@ip-10-87-33-221 ~]# rm -rf /gluster2/dot; touch /gluster2/dot
[root@ip-10-87-33-221 ~]# setfacl -m u:anush:rwx /gluster2/dot

As user:

On NFS Mount:
[anush@ip-10-87-33-221 tmp]$ echo '232323' > /nfs2/dot
bash: /nfs2/dot: Permission denied

On BACKEND,
[anush@ip-10-87-33-221 tmp]$ echo '232323' > /mnt/export7/dot

On FUSE mount
[anush@ip-10-87-33-221 tmp]$ echo '232323' > /gluster2/dot
[anush@ip-10-87-33-221 tmp]$
Works with the latest fixes that went in for bug 764789

root@shishirng-laptop:/mnt/gluster/fuse# getfacl file
# file: file
# owner: root
# group: root
user::rwx
group::---
other::---

acl@shishirng-laptop:/mnt/glusterfs/fuse$ cat file
cat: file: Permission denied
acl@shishirng-laptop:/mnt/glusterfs/fuse$ echo "gluster" >file
bash: file: Permission denied

*** This bug has been marked as a duplicate of bug 3057 ***
This happened in kernel version 2.6.26, and when mounted with 'sec=sys' this issue doesn't happen. The issue happens only with 'sec=null' as a mount option while mounting NFS.
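An added example, not part of the original report or of the GlusterFS code: a shell check that lists NFS mounts whose security flavor is AUTH_NULL, the condition the comment above ties the permission bypass to. The function names and the sample mount lines are constructed for illustration; the input is assumed to be in /proc/mounts format.

```shell
#!/bin/sh
# Added example: flag NFS mounts that use the AUTH_NULL security flavor.
# Input lines use the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# find_sec_null_mounts [FILE]
#   FILE defaults to /proc/mounts; pass "-" to read standard input.
#   Prints "mountpoint<TAB>device<TAB>flavor" for each nfs/nfs4 mount whose
#   sec= option is "null" (the spelling used in the report) or "none"
#   (the spelling nfs(5) documents for AUTH_NULL).
find_sec_null_mounts() {
    awk '
        $3 == "nfs" || $3 == "nfs4" {
            flavor = ""
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^sec=/)
                    flavor = substr(opts[i], 5)
            if (flavor == "null" || flavor == "none")
                printf "%s\t%s\t%s\n", $2, $1, flavor
        }
    ' "${1:-/proc/mounts}"
}

# Constructed sample input (hypothetical hosts and paths), not real system data.
sample_mounts() {
    cat <<'EOF'
server1:/vol0 /mnt/nfs-null nfs rw,relatime,vers=3,proto=tcp,sec=null,addr=192.0.2.10 0 0
server1:/vol1 /mnt/nfs-sys nfs rw,relatime,vers=3,proto=tcp,sec=sys,addr=192.0.2.10 0 0
/dev/sda1 / ext4 rw,relatime 0 0
server1:/vol2 /mnt/nfs4-none nfs4 rw,relatime,vers=4.0,sec=none 0 0
EOF
}

# Demo on the constructed sample; call find_sec_null_mounts with no argument
# to audit the running system instead.
sample_mounts | find_sec_null_mounts -
```

Any mount this reports should be remounted with sec=sys or a Kerberos flavor, since with AUTH_NULL the server receives no user identity to check permissions against.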
PATCH: http://patches.gluster.com/patch/7819 in release-3.2 (nfsrpc: Re-order NFS auth array contents)
PATCH: http://patches.gluster.com/patch/7824 in release-3.1 (nfsrpc: Re-order NFS auth array contents)
PATCH: http://patches.gluster.com/patch/7884 in master (nfsrpc: Re-order NFS auth array contents)
Tested with 2.6.26, 2.6.18 and 2.6.33 kernel versions and it's working fine. Permissions set in the FUSE mount do have an effect in the NFS mount.