[Bugs] [Bug 1533046] New: ACLs - permission denied
bugzilla at redhat.com
bugzilla at redhat.com
Wed Jan 10 10:55:34 UTC 2018
https://bugzilla.redhat.com/show_bug.cgi?id=1533046
Bug ID: 1533046
Summary: ACLs - permission denied
Product: GlusterFS
Version: 3.12
Component: access-control
Assignee: bugs at gluster.org
Reporter: christopher.webb at kcl.ac.uk
CC: bugs at gluster.org
Description of problem:
I have a gluster partition mounted locally for testing:
[root at testfs ~]# mount -t glusterfs -o acl testfs:/group /mnt/testlocal/
[xpimxwm at testfs testlocal]$ df -h .
Filesystem Size Used Avail Use% Mounted on
testfs:/group 20T 466G 20T 3% /mnt/testlocal
[xpimxwm at testfs testlocal]$ mount | grep /mnt/testlocal
testfs:/group on /mnt/testlocal type fuse.glusterfs
(rw,relatime,user_id=0,group_id=0,allow_other,max_read=131072)
[xpimxwm at testfs testlocal]$
The get/setfacl tools work, I have added two groups my account belongs to
(cnsadm/mriqa):
[xpimxmw at testfs testlocal]$ getfacl /mnt/testlocal/x-test
getfacl: Removing leading '/' from absolute path names
# file: mnt/testlocal/x-test
# owner: 10001
# group: root
user::rwx
group::rwx
group:cnsadm:rwx
group:mriqa:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:mriqa:rwx
default:mask::rwx
default:other::---
[xpimxmw at testfs testlocal]$ groups
cnsadm paradigm nsgc rhode .magicb physics mriqa zzzzz
[xpimxmw at testfs testlocal]$ o
I am neither user 10001 nor in the root group, however the ACL should allow me
access:
[xpimxmw at testfs testlocal]$ ls -ld /mnt/testlocal/x-test/
drwxrwx---+ 3 10001 root 4096 Jan 9 16:23 /mnt/testlocal/x-test/
[xpimxmw at testfs testlocal]$ ls /mnt/testlocal/x-test/
ls: cannot open directory /mnt/testlocal/x-test/: Permission denied
[xpimxmw at testfs testlocal]$
I'm somewhat surprised cd works:
[xpimxmw at testfs testlocal]$ cd /mnt/testlocal/x-test/
[xpimxmw at testfs x-test]$ ls
ls: cannot open directory .: Permission denied
[xpimxmw at testfs x-test]$ cd -
[xpimxmw at testfs testlocal]$
I can however access the raw bricks directly:
[xpimxmw at testfs testlocal]$ ls /data/glusterfs/
brick01/ brick02/
[xpimxmw at testfs testlocal]$ ls /data/glusterfs/brick01/
acltest* physics/ speed/ x-test/
[xpimxmw at testfs testlocal]$ ls /data/glusterfs/brick01/x-test/
fred
[xpimxmw at testfs testlocal]$ getfacl /data/glusterfs/brick01/x-test
getfacl: Removing leading '/' from absolute path names
# file: data/glusterfs/brick01/x-test
etfacl: Removing leading '/' from absolute path names
# file: data/glusterfs/brick01/x-test
# owner: 10001
# group: root
user::rwx
group::rwx
group:cnsadm:rwx
group:mriqa:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:mriqa:rwx
default:mask::rwx
default:other::---
[xpimxmw at testfs testlocal]$
Version-Release number of selected component (if applicable):
[xpimxmw at testfs testlocal]$ rpm -qa | grep gluster
centos-release-gluster312-1.0-1.el7.centos.noarch
glusterfs-3.12.3-1.el7.x86_64
glusterfs-client-xlators-3.12.3-1.el7.x86_64
nfs-ganesha-gluster-2.5.3-1.el6.x86_64
glusterfs-cli-3.12.3-1.el7.x86_64
glusterfs-api-3.12.3-1.el7.x86_64
glusterfs-libs-3.12.3-1.el7.x86_64
glusterfs-fuse-3.12.3-1.el7.x86_64
glusterfs-server-3.12.3-1.el7.x86_64
glusterfs-rdma-3.12.3-1.el7.x86_64
[xpimxmw at testfs testlocal]$
[xpimxmw at testfs testlocal]$ uname -a
Linux testfs 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
[xpimxmw at testfs testlocal]$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[xpimxmw at testfs testlocal]$
How reproducible:
Always
Steps to Reproduce:
As above.
Actual results:
ACLs not honored
Expected results:
ACLs should allow access
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
More information about the Bugs
mailing list