[Gluster-devel] Bug with group permissions

Geoff Kassel gkassel at users.sourceforge.net
Sat Mar 1 13:23:33 UTC 2008 

Hi again,

>    I'll try out my production servers with TLA 689 (plus my QA
> modifications and fixes to get glusterfs to run under Hardened Gentoo)
> tonight Australian AEST, and see if this bug has really been squashed in
> the circumstances that originally spawned it.

I've just finished a trial upgrade - my QA+bugfix patched version of TLA 691 
still does not work properly (i.e. df -k and ls -al hung) on my Hardened 
Gentoo production servers.

I guess I'll have to do more QA work, focusing particular on the changes since 
636, since that's still the last version that worked for my particular 
configuration under Hardened Gentoo.

Cheers,

Geoff Kassel.

On Thu, 28 Feb 2008, Geoff Kassel wrote:
> Hi all,
>    Now that I'm able to test glusterfs installs on Gentoo Hardened again,
> it appears that my reported group permissions bug seems to have been
> resolved sometime between TLA 636 and TLA 689 - at least for the QA server
> and client specifications.
>
>    I'll try out my production servers with TLA 689 (plus my QA
> modifications and fixes to get glusterfs to run under Hardened Gentoo)
> tonight Australian AEST, and see if this bug has really been squashed in
> the circumstances that originally spawned it.
>
> Kind regards,
>
> Geoff Kassel.
>
> On Tue, 6 Nov 2007, Raghavendra G wrote:
> > Resending to list.
> >
> > ---------- Forwarded message ----------
> > From: Raghavendra G <raghavendra at zresearch.com>
> > Date: Nov 6, 2007 9:41 AM
> > Subject: Re: [Gluster-devel] Bug with group permissions
> > To: gkassel at users.sourceforge.net
> >
> >
> > Another question,
> > Does both alpha and bravo have the user group you are experimenting with?
> >
> > regards,
> >
> > On Nov 6, 2007 9:34 AM, Geoff Kassel < gkassel at users.sourceforge.net> 
wrote:
> > > Hi Raghavendra,
> > >   I'll see if I can do a log run for this when my system is quieter
> > > i.e. sometime later tonight, Australian Eastern Standard Time. I don't
> > > think I'm
> > > going to to be able to produce any clearer logs than that already
> > > provided,
> > > though, since this is a multi-user production system.
> > >
> > >   In the meanwhile, I have a virtual server image of this system
> > > pre-deployment that I'm planning on testing to see if the bug occurs
> > > with the
> > > 545 patch. If it does, I can provide clearer logs for you now. If I
> > > can't get
> > > it to recur on this system, that'll narrow down quite substantially the
> > > circumstances under which this bug occurs.
> > >
> > >   I'll let you know how I go.
> > >
> > > Cheers,
> > >
> > > Geoff Kassel.
> > >
> > > On Mon, 5 Nov 2007, you wrote:
> > > > Hi Geoff,
> > > >
> > > > The glusterfs.log you sent me indicates that you've been doing lots
> > > > of operations. Is it possible for you to reproduce the bug just using
> > > > the
> > >
> > > set
> > >
> > > > of commands you had given in your first mail? i.e,
> > > >
> > > > groupmems -a nonrootuser -g randomgroup
> > > > cd /glusterfsmountpoint
> > > > mkdir test
> > > > chown root:randomgroup test
> > > > chmod 770 test
> > > >  su - nonrootuser
> > > > cd /glusterfsmountpoint/test # Succeeds
> > > > ls # Permission denied error.
> > > > echo "Hello" > testfile      # Also gives a perm
> > > >
> > > > and send the logs generated?
> > > >
> > > > On Nov 5, 2007 12:57 PM, Geoff Kassel <gkassel at users.sourceforge.net>
> > >
> > > wrote:
> > > > > Hi Raghavendra,
> > > > >
> > > > > > I found two client spec files in both alpha/ and bravo/. by any
> > >
> > > chance
> > >
> > > > > are
> > > > >
> > > > > > you running two clients?
> > > > >
> > > > > Yes, that is correct. I'm using GlusterFS to maintain shared
> > > > > storage between
> > > > > two machines. Both machines run a GlusterFS server, providing a
> > >
> > > namespace
> > >
> > > > > and
> > > > > a dataspace, which are subsequently unified and AFR'd in the client
> > >
> > > also
> > >
> > > > > run
> > > > > on each machine.
> > > > >
> > > > > > #uname -a
> > > > >
> > > > > Linux alpha 2.6.20-hardened-r10 #1 SMP Sat Oct 20 05:41:43 EST 2007
> > >
> > > i686
> > >
> > > > > Dual-Core AMD Opteron(tm) Processor 2218 AuthenticAMD GNU/Linux
> > > > >
> > > > > and
> > > > >
> > > > > Linux bravo 2.6.20-hardened-r10 #1 SMP Sat Oct 20 05:41:43 EST 2007
> > >
> > > i686
> > >
> > > > > Dual-Core AMD Opteron(tm) Processor 2218 AuthenticAMD GNU/Linux
> > > > >
> > > > > The two machines are identical in hardware, and the software
> > > > > configuration is
> > > > > more or less identical, being different only in host name and
> > >
> > > symmetrical
> > >
> > > > > changes for load balancing and hosting purposes. GlusterFS
> > >
> > > communicates
> > >
> > > > > over
> > > > > a GigE link between the pair, utilized only by GlusterFS and
> > >
> > > keepalived
> > >
> > > > > for
> > > > > load-balancing and maintenance of redundant services.
> > > > >
> > > > > While the processors are 64-bit, I'm running 32-bit for software
> > > > > compatibility
> > > > > reasons - that's one difference between your kernel and mine. I
> > > > > also
> > >
> > > use
> > >
> > > > > PaX,
> > > > > which affects memory allocation and access, and have the grsec
> > >
> > > extensions
> > >
> > > > > compiled in (as part of the Gentoo hardened-sources) but not
> > > > > enabled.
> > > > >
> > > > > Attached is my kernel config. I hope this helps.
> > > > >
> > > > > Cheers,
> > > > >
> > > > > Geoff Kassel.
> > > > >
> > > > > On Mon, 5 Nov 2007, you wrote:
> > > > > > Hi Geoff,
> > > > > >
> > > > > > I found two client spec files in both alpha/ and bravo/. by any
> > >
> > > chance
> > >
> > > > > are
> > > > >
> > > > > > you running two clients?
> > > > > >
> > > > > > I tried with single glusterfs client running on a node with the
> > > > >
> > > > > following
> > > > >
> > > > > > configuration
> > > > > >
> > > > > > #uname -a
> > > > > > Linux master-node 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT
> > > > > > 2007
> > > > >
> > > > > x86_64
> > > > >
> > > > > > x86_64 x86_64 GNU/Linux
> > > > > >
> > > > > > but still I cannot reproduce your problem. I am using
> > >
> > > fuse-2.7.0-glfs5.
> > >
> > > > > So
> > > > >
> > > > > > the only difference in configuration of the node is the kernel.
> > > > > >
> > > > > > Going through logs If I can find any hints.
> > > > > > regards,
> > > > > >
> > > > > > On Nov 5, 2007 10:31 AM, Geoff Kassel
> > > > > > <gkassel at users.sourceforge.net
> > > > >
> > > > > wrote:
> > > > > > > Hi Raghavendra,
> > > > > > >
> > > > > > > I'm not replying to the list because of the size of the
> > > > > > > attached
> > >
> > > log
> > >
> > > > > > > files.
> > > > > > >
> > > > > > > > I tried to reproduce your problem with
> > > > > > >
> > > > > > > glusterfs--mainline--2.5--patch-545,
> > > > > > >
> > > > > > > > but without success.
> > > > > > >
> > > > > > > That's not too surprising - I use a 2.6.20 hardened Gentoo
> > > > > > > kernel with PaX enabled, so I'm likely to get different errors
> > > > > > > to
> > >
> > > everyone
> > >
> > > > > > > else. I found the
> > > > > > > error occurred with (at least) patches 543 and onwards.
> > > > > > >
> > > > > > > > Can you send your client/server logs and configuration
> > > > > > > > files? Also what is the fuse version you are using?
> > > > > > >
> > > > > > > Sure - they're in the attached ZIP file. I'm using FUSE
> > >
> > > 2.7.0-glfs5
> > >
> > > > > > > on both
> > > > > > > machines, known as alpha and bravo. I've sent logs and spec
> > > > > > > files
> > >
> > > for
> > >
> > > > > > > both machines, in the accordingly named directories.
> > > > > > >
> > > > > > > To find the time of my various tests, search for ': /test' in
> > > > > > > the glusterfs
> > > > > > > logs. The most relevant test (i.e. the results of which I
> > > > > > > posted
> > > > >
> > > > > about)
> > > > >
> > > > > > > is ': /test4'.
> > > > > > >
> > > > > > > Good luck with the bug hunt!
> > > > > > >
> > > > > > > Cheers,
> > > > > > >
> > > > > > > Geoff Kassel.
> > > > > > >
> > > > > > > On Mon, 5 Nov 2007, Raghavendra G wrote:
> > > > > > > > Hi Geoff,
> > > > > > > > I tried to reproduce your problem with
> > > > > > >
> > > > > > > glusterfs--mainline--2.5--patch-545,
> > > > > > >
> > > > > > > > but without success. Can you send your client/server logs and
> > > > > > >
> > > > > > > configuration
> > > > > > >
> > > > > > > > files? Also what is the fuse version you are using?
> > > > > > > >
> > > > > > > > regards,
> > > > > > > >
> > > > > > > > On Nov 4, 2007 4:39 PM, Geoff Kassel
> > > > > > > > <gkassel at users.sourceforge.net>
> > > > > > >
> > > > > > > wrote:
> > > > > > > > > Hi all,
> > > > > > > > >   I've think I've found a group permissions bug in the
> > > > > > > > > latest
> > > > >
> > > > > patches
> > > > >
> > > > > > > > > committed to the repository. The bug causes permission
> > > > > > > > > denied
> > > > >
> > > > > errors
> > > > >
> > > > > > > for
> > > > > > >
> > > > > > > > > non-root users where they should have adequate access.
> > > > > > > > >
> > > > > > > > > The following set of commands under a glusterfs mount
> > >
> > > reproduces
> > >
> > > > > the
> > > > >
> > > > > > > bug
> > > > > > >
> > > > > > > > > for
> > > > > > > > > me:
> > > > > > > > >
> > > > > > > > >   groupmems -a nonrootuser -g randomgroup
> > > > > > > > >   cd /glusterfsmountpoint
> > > > > > > > >   mkdir test
> > > > > > > > >   chown root:randomgroup test
> > > > > > > > >   chmod 770 test
> > > > > > > > >   su - nonrootuser
> > > > > > > > >   cd /glusterfsmountpoint/test # Succeeds
> > > > > > > > >   ls # Permission denied error.
> > > > > > > > >   echo "Hello" > testfile      # Also gives a permission
> > >
> > > denied
> > >
> > > > > > > > > error.
> > > > > > > > >
> > > > > > > > > To get a successful ls under the non-root user, permissions
> > >
> > > need
> > >
> > > > > to
> > > > >
> > > > > > > > > be 775 in
> > > > > > > > > the test directory. To get a successful file creation, it
> > >
> > > needs
> > >
> > > > > > > > > to
> > > > >
> > > > > be
> > > > >
> > > > > > > > > 777.
> > > > > > > > >
> > > > > > > > > I have noticed that on the initial cd as the non-root user,
> > >
> > > there
> > >
> > > > > > > seems
> > > > > > >
> > > > > > > > > to be
> > > > > > > > > the following in the client logs (I'm using AFR/Unify):
> > > > > > > > >
> > > > > > > > > 2007-11-04 22:36:25 E [afr.c:5654:afr_closedir]
> > > > >
> > > > > shared-namespace-afr:
> > > > > > > > > afrfdp
> > > > > > > > > is NULL, returning EBADFD
> > > > > > > > > 2007-11-04 22:36:25 E [afr.c:5654:afr_closedir]
> > > > >
> > > > > shared-dataspace-afr:
> > > > > > > > > afrfdp
> > > > > > > > > is NULL, returning EBADFD
> > > > > > > > > 2007-11-04 22:36:25 E [fuse-bridge.c:654:fuse_fd_cbk]
> > > > >
> > > > > glusterfs-fuse:
> > > > > > > > > 1322194: /test => -1 (13)
> > > > > > > > >
> > > > > > > > > This bug doesn't cause the server or client to crash. (I
> > > > > > > > > have
> > > > >
> > > > > noticed
> > > > >
> > > > > > > a
> > > > > > >
> > > > > > > > > lot
> > > > > > > > > of 'E [unify.c:145:unify_buf_cbk] shared:
> > > > > > > > > shared-namespace-afr
> > > > > > >
> > > > > > > returned
> > > > > > >
> > > > > > > > > 107'
> > > > > > > > > and random server crashes in general lately, but this
> > > > > > > > > appears
> > > > > > >
> > > > > > > unrelated.)
> > > > > > >
> > > > > > > > > I can provide logs as well as client and server spec files
> > > > > > > > > on request.
> > > > > > > > >
> > > > > > > > > Kind regards,
> > > > > > > > >
> > > > > > > > > Geoff Kassel.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > Gluster-devel mailing list
> > > > > > > > > Gluster-devel at nongnu.org
> > > > > > > > > http://lists.nongnu.org/mailman/listinfo/gluster-devel
> >
> > --
> > Raghavendra G
> >
> > A centipede was happy quite, until a toad in fun,
> > Said, "Prey, which leg comes after which?",
> > This raised his doubts to such a pitch,
> > He fell flat into the ditch,
> > Not knowing how to run.
> > -Anonymous
>
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at nongnu.org
> http://lists.nongnu.org/mailman/listinfo/gluster-devel

More information about the Gluster-devel mailing list