[Bugs] [Bug 1246275] POSIX ACLs as used by a FUSE mount can not use more than 32 groups

bugzilla at redhat.com bugzilla at redhat.com
Wed Aug 5 11:53:26 UTC 2015 

https://bugzilla.redhat.com/show_bug.cgi?id=1246275



--- Comment #3 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/11732 committed in master by Kaleb KEITHLEY
(kkeithle at redhat.com) 
------
commit 64a5bf3749c67fcc00773a2716d0c7b61b0b4417
Author: Niels de Vos <ndevos at redhat.com>
Date:   Tue Jul 21 18:50:12 2015 +0200

    fuse: add "resolve-gids" mount option to overcome 32-groups limit

    Add a --resolve-gids commandline option to the glusterfs binary. This
    option gets set when executing "mount -t glusterfs -o resolve-gids ...".

    This option is most useful in combination with the "acl" mount option.
    POSIX ACL permission checking is done on the FUSE-client side to improve
    performance (in addition to the checking on the bricks).

    The fuse-bridge reads /proc/$PID/status by default, and this file
    contains maximum 32 groups. Any local (client-side) permission checking
    that requires more than the first 32 groups will fail.

    By enabling the "resolve-gids" option, the fuse-bridge will call
    getgrouplist() to retrieve all the groups from the user accessing the
    mountpoint. This is comparable to how "nfs.server-aux-gids" works.

    Note that when a user belongs to more than ~93 groups, the volume option
    server.manage-gids needs to be enabled too. Without this option, the
    RPC-layer will need to reduce the number of groups to make them fit in
    the RPC-header.

    Change-Id: I7ede90d0e41bcf55755cced5747fa0fb1699edb2
    BUG: 1246275
    Signed-off-by: Niels de Vos <ndevos at redhat.com>
    Reviewed-on: http://review.gluster.org/11732
    Tested-by: NetBSD Build System <jenkins at build.gluster.org>
    Reviewed-by: Ravishankar N <ravishankar at redhat.com>
    Tested-by: Gluster Build System <jenkins at build.gluster.com>
    Reviewed-by: jiffin tony Thottan <jthottan at redhat.com>
    Reviewed-by: Kaleb KEITHLEY <kkeithle at redhat.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=DBO74dF7HB&a=cc_unsubscribe

More information about the Bugs mailing list