<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 17, 2017 at 5:16 PM, Shyam Ranganathan <span dir="ltr"><<a href="mailto:srangana@redhat.com" target="_blank">srangana@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 08/17/2017 07:36 AM, Amar Tumballi wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
<br>
On Thu, Aug 17, 2017 at 1:21 PM, Raghavendra Talur <<a href="mailto:rtalur@redhat.com" target="_blank">rtalur@redhat.com</a> <mailto:<a href="mailto:rtalur@redhat.com" target="_blank">rtalur@redhat.com</a>>> wrote:<br>
<br>
On Wed, Aug 16, 2017 at 5:52 PM, Ilan Schwarts <<a href="mailto:ilan84@gmail.com" target="_blank">ilan84@gmail.com</a><br></span><div><div class="h5">
<mailto:<a href="mailto:ilan84@gmail.com" target="_blank">ilan84@gmail.com</a>>> wrote:<br>
> Hi,<br>
> So this is a bit of an odd case.<br>
> I have created 2 server nodes (running CentOS 7.3)<br>
> From Client machine (CentOS 7.2) I mount to one of the nodes (nfs) using:<br>
> [root@CentOS7286-64 mnt]# mount -t nfs<br>
> L137B-GlusterFS-Node1.L137B-ro<wbr>ot.com:/volume1 /mnt/glustervianfs/<br>
><br>
> When I created (touch) a file over the NFS:<br>
> From Client Machine:<br>
> [revivo@CentOS7286-64 glustervianfs]$ touch nfs3file<br>
> [revivo@CentOS7286-64 glustervianfs]$ id revivo<br>
> uid=2021(revivo) gid=2020(maccabi) groups=2020(maccabi),10(wheel)<br>
><br>
> On Server machine:<br>
> I monitor the file operations at VFS kernel level.<br>
> I receive 1 event of file create, and 2 events of set attribute changes.<br>
> What I see is that root creates the file (uid/gid of 0)<br>
> And then root (also) uses chown and chgrp to set security (attribute)<br>
> of the new file.<br>
><br>
> When I go to the gluster volume itself and ls -la, I do see the<br>
> *correct* (2021 - revivo /2020 - revivo) uid/gid:<br>
> [root@L137B-GlusterFS-Node1 volume1]# ls -lia<br>
> total 24<br>
> 11 drwxrwxrwx. 3 revivo maccabi 4096 Aug 10 12:13 .<br>
> 2 drwxr-xr-x. 3 root root 4096 Aug 9 14:32 ..<br>
> 12 drw-------. 16 root root 4096 Aug 10 12:13 .glusterfs<br>
> 31 -rw-r--r--. 2 revivo maccabi 0 Aug 10 12:13 nfs3file<br>
><br>
> Why on the VFS layer I get uid/gid - 0/0<br>
<br>
As you have pointed out above, the file is created with 0:0<br>
owner:group but subsequent operations change owner and group using<br>
chown and chgrp. This is because the glusterfsd(brick daemon) process<br>
always runs as root. I don't know the exact reason why setfsuid and<br>
setfsgid are not used although the code exists.<br>
<br>
Amar/Pranith/Raghavendra/Vijay<wbr>,<br>
<br>
Do you know why HAVE_SET_FSID is undefined in line<br>
<a href="https://github.com/gluster/glusterfs/blob/master/xlators/storage/posix/src/posix.c#L65" rel="noreferrer" target="_blank">https://github.com/gluster/glu<wbr>sterfs/blob/master/xlators/sto<wbr>rage/posix/src/posix.c#L65</a><br>
<<a href="https://github.com/gluster/glusterfs/blob/master/xlators/storage/posix/src/posix.c#L65" rel="noreferrer" target="_blank">https://github.com/gluster/gl<wbr>usterfs/blob/master/xlators/st<wbr>orage/posix/src/posix.c#L65</a>><br>
<br>
<br>
It's been ~10 years since it was disabled in the codebase, and I don't recollect why completely right now.<br>
<br>
By checking the patch [1] which got this change, I couldn't make out much: Probably something to do with Solaris support IMO.<br>
<br>
[1] - <a href="https://github.com/gluster/historic/commit/3176ddf99f701412bd799cc730afd598c2a13e39" rel="noreferrer" target="_blank">https://github.com/gluster/his<wbr>toric/commit/3176ddf99f701412b<wbr>d799cc730afd598c2a13e39</a><br>
<br>
Maybe it is time to run a test by removing that line, as we are friendly with only Linux/BSD right now.<br>
</div></div></blockquote>
<br>
From memory (so take it with a pinch of salt), setting internal xattrs and the like needed root permissions, and not UID/GID permissions; this was when parts of DHT xattr setting were fixed and this code path analyzed (less than a year back).<br>
<br>
So when testing it out this possibly needs some consideration. @Nithya do you have a better context to provide?<br></blockquote><div><br></div><div>These scenarios are explicitly handled by setting uid/gid to 0 while doing these operations (like linkto file creation etc). Even if we run into bugs after removing this, explicit setting of credentials should be preferred.<br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
Regards,<br>
Amar<br>
<br>
Thanks,<br>
Raghavendra Talur<br>
<br>
<br>
<br>
<br>
-- <br>
Amar Tumballi (amarts)<br>
<br>
<br></span><span class="">
______________________________<wbr>_________________<br>
Gluster-devel mailing list<br>
<a href="mailto:Gluster-devel@gluster.org" target="_blank">Gluster-devel@gluster.org</a><br>
<a href="http://lists.gluster.org/mailman/listinfo/gluster-devel" rel="noreferrer" target="_blank">http://lists.gluster.org/mailm<wbr>an/listinfo/gluster-devel</a><br>
<br>
</span></blockquote><div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Raghavendra G<br></div>
</div></div>
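Added example (not GlusterFS code and not written by anyone in this thread): a C sketch of the per-operation credential switching with setfsuid()/setfsgid() discussed above, on Linux, so that a file is owned by the requesting uid/gid from the moment it exists instead of being created 0:0 and then chowned. The helper name `create_as` and the `/tmp` path are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create `path` owned by uid:gid at creation time.
 * Returns 0 and fills *st_out on success, -1 on any failure.
 * Linux-only; supplementary groups are not switched in this sketch. */
int create_as(const char *path, uid_t uid, gid_t gid, mode_t mode,
              struct stat *st_out)
{
    int fd, ret = -1;
    /* setfsuid()/setfsgid() return the PREVIOUS id and never report an
     * error, so each switch is verified by calling again and checking
     * that the "previous" value is now the one we asked for. */
    gid_t old_gid = (gid_t)setfsgid(gid);
    uid_t old_uid = (uid_t)setfsuid(uid);
    if ((gid_t)setfsgid(gid) != gid || (uid_t)setfsuid(uid) != uid)
        goto restore;

    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, mode);
    if (fd >= 0) {
        ret = fstat(fd, st_out);   /* ownership as seen right after create */
        close(fd);
    }
restore:
    /* Always switch back, and treat a failed restore as an error. */
    setfsuid(old_uid);
    setfsgid(old_gid);
    if ((uid_t)setfsuid(old_uid) != old_uid ||
        (gid_t)setfsgid(old_gid) != old_gid)
        ret = -1;
    return ret;
}

int main(void)
{
    char path[64];
    struct stat st;
    /* Constructed input: the caller's own ids, so this runs unprivileged.
     * A root daemon would pass the ids carried in the client request. */
    snprintf(path, sizeof path, "/tmp/create_as_demo.%ld", (long)getpid());
    if (create_as(path, geteuid(), getegid(), 0644, &st) != 0)
        return 1;
    printf("%s created as %ld:%ld\n", path, (long)st.st_uid, (long)st.st_gid);
    return unlink(path);
}
```

A VFS-level monitor watching this path sees a single create carrying the target uid, with no follow-up chown/chgrp events.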