[Bugs] [Bug 1533046] New: ACLs - permission denied

bugzilla at redhat.com bugzilla at redhat.com
Wed Jan 10 10:55:34 UTC 2018


https://bugzilla.redhat.com/show_bug.cgi?id=1533046

            Bug ID: 1533046
           Summary: ACLs - permission denied
           Product: GlusterFS
           Version: 3.12
         Component: access-control
          Assignee: bugs at gluster.org
          Reporter: christopher.webb at kcl.ac.uk
                CC: bugs at gluster.org



Description of problem:

I have a gluster partition mounted locally for testing:

[root at testfs ~]# mount -t glusterfs -o acl testfs:/group /mnt/testlocal/

[xpimxwm at testfs testlocal]$ df -h .
Filesystem      Size  Used Avail Use% Mounted on
testfs:/group    20T  466G   20T   3% /mnt/testlocal
[xpimxwm at testfs testlocal]$ mount | grep /mnt/testlocal
testfs:/group on /mnt/testlocal type fuse.glusterfs
(rw,relatime,user_id=0,group_id=0,allow_other,max_read=131072)
[xpimxwm at testfs testlocal]$

The get/setfacl tools work, I have added two groups my account belongs to
(cnsadm/mriqa):

[xpimxmw at testfs testlocal]$ getfacl /mnt/testlocal/x-test
getfacl: Removing leading '/' from absolute path names
# file: mnt/testlocal/x-test
# owner: 10001
# group: root
user::rwx
group::rwx
group:cnsadm:rwx
group:mriqa:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:mriqa:rwx
default:mask::rwx
default:other::---

[xpimxmw at testfs testlocal]$ groups
cnsadm paradigm nsgc rhode .magicb physics mriqa zzzzz
[xpimxmw at testfs testlocal]$ o

I am neither user 10001 nor in the root group, however the ACL should allow me
access:
[xpimxmw at testfs testlocal]$ ls -ld /mnt/testlocal/x-test/
drwxrwx---+ 3 10001 root 4096 Jan  9 16:23 /mnt/testlocal/x-test/
[xpimxmw at testfs testlocal]$ ls /mnt/testlocal/x-test/
ls: cannot open directory /mnt/testlocal/x-test/: Permission denied
[xpimxmw at testfs testlocal]$

I'm somewhat surprised cd works:

[xpimxmw at testfs testlocal]$ cd /mnt/testlocal/x-test/
[xpimxmw at testfs x-test]$ ls
ls: cannot open directory .: Permission denied
[xpimxmw at testfs x-test]$ cd -
[xpimxmw at testfs testlocal]$


I can however access the raw bricks directly:
[xpimxmw at testfs testlocal]$ ls /data/glusterfs/
brick01/ brick02/
[xpimxmw at testfs testlocal]$ ls /data/glusterfs/brick01/
acltest*    physics/     speed/      x-test/
[xpimxmw at testfs testlocal]$ ls /data/glusterfs/brick01/x-test/
fred
[xpimxmw at testfs testlocal]$ getfacl /data/glusterfs/brick01/x-test
getfacl: Removing leading '/' from absolute path names
# file: data/glusterfs/brick01/x-test
etfacl: Removing leading '/' from absolute path names
# file: data/glusterfs/brick01/x-test
# owner: 10001
# group: root
user::rwx
group::rwx
group:cnsadm:rwx
group:mriqa:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:mriqa:rwx
default:mask::rwx
default:other::---

[xpimxmw at testfs testlocal]$

Version-Release number of selected component (if applicable):

[xpimxmw at testfs testlocal]$ rpm -qa | grep gluster
centos-release-gluster312-1.0-1.el7.centos.noarch
glusterfs-3.12.3-1.el7.x86_64
glusterfs-client-xlators-3.12.3-1.el7.x86_64
nfs-ganesha-gluster-2.5.3-1.el6.x86_64
glusterfs-cli-3.12.3-1.el7.x86_64
glusterfs-api-3.12.3-1.el7.x86_64
glusterfs-libs-3.12.3-1.el7.x86_64
glusterfs-fuse-3.12.3-1.el7.x86_64
glusterfs-server-3.12.3-1.el7.x86_64
glusterfs-rdma-3.12.3-1.el7.x86_64
[xpimxmw at testfs testlocal]$

[xpimxmw at testfs testlocal]$ uname -a
Linux testfs 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
[xpimxmw at testfs testlocal]$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[xpimxmw at testfs testlocal]$

How reproducible:

Always

Steps to Reproduce:

As above.

Actual results:

ACLs not honored

Expected results:

ACLs should allow access

Additional info:

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.


More information about the Bugs mailing list