[Bugs] [Bug 1175739] [USS]: Non root user who has no access to a directory, from NFS mount, is able to access the files under .snaps under that directory

bugzilla at redhat.com bugzilla at redhat.com
Fri Jan 16 13:00:39 UTC 2015 

https://bugzilla.redhat.com/show_bug.cgi?id=1175739

Raghavendra Bhat <rabhat at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |MODIFIED
                 CC|                            |rabhat at redhat.com



--- Comment #4 from Raghavendra Bhat <rabhat at redhat.com> ---
Description of problem:
======================
>From NFS mount, non-root user who has no access to a directory, is able to
access the snaps and files under .snaps under that directory  


Version-Release number of selected component (if applicable):
============================================================
glusterfs 3.6.0.32

How reproducible:
=================
2/2

Steps to Reproduce:
==================
1.Create a 2x2 dist-rep volume and start it 

2.Fuse and NFS mount the volume 
  Create 2 users (user1, user2)

3.Enable USS on the volume 

4.From fuse mount, create dir1_fuse  
  Give permissions to dir1_fuse as chmod 700 user1
  Create files a{1..10} under dir1_fuse

5.From nfs mount, create dir1_nfs  
  Give permissions to dir1_nfs as chmod 700 user1
  Create files b{1..10} under dir1_nfs

6.Create snapshot Snap1 

7.Login as user1 :
  ===============
  From fuse mount, cd to .snaps and list the snapshots access the files   
  under them. 
  From nfs mount, cd to .snaps and list the snapshots access the files 
  under them

8.Login as user2 :
  ===============
>From fuse mount, cd to .snaps and list the snapshots access the files   
under them -> it fails with 'Permission denied' error which is as expected

[user2 at dhcp-0-97 Snap1]$ ll
total 0
drwx------. 2 user1 root 61 Nov 17 19:21 dir1_fuse
drwx------. 2 user1 root 52 Nov 17 19:22 dir1_nfs
[user2 at dhcp-0-97 Snap1]$ cd dir1_fuse/
bash: cd: dir1_fuse/: Permission denied



>From nfs mount, cd to .snaps and list the snapshots access the files 
under them - it is successful.
user2 is able to list the snapshots and access the files under .snaps of   
dir1_nfs for which he has no access. Instead user2 should get 'Permission   
denied' error 

[user2 at dhcp-0-97 Snap1]$ cd dir1_nfs/
[user2 at dhcp-0-97 dir1_nfs]$ ll
total 0
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b1
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b10
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b2
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b3
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b4
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b5
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b6
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b7
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b8
-rw-rw-r--. 1 user1 user1 0 Nov 17 19:22 b9


Actual results:
===============
>From NFS mount, non-root user who has no access to a directory, is able to
access the snaps and files under .snaps under that directory

Expected results:
================
non root user who has no access to any directory should not be able to access
.snaps and access the files under the snapshots listed under that directory.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list