[Gluster-devel] 3.5.1-beta2 Problems with suid and sgid bits on directories
Shyamsundar Ranganathan
srangana at redhat.com
Thu Jun 26 18:00:34 UTC 2014
Anders,
Please find the modified patch to be applied on master for the SGID bit propagation issue, https://bugzilla.redhat.com/show_bug.cgi?id=1110262
Other comments inline.
> > DHT winds a call to mkdir as a part of the dht_selfheal_directory (in
> > dht_selfheal_dir_mkdir where it winds a call to mkdir for all
> > subvolumes that have the directory missing) with the right mode bits
> > (in this case with the SGID bit). As the POSIX layer on the brick
> > calls mkdir, the SGID bit is not set for the newly created directory
> > due to [1].
> I think this depends on the sgid bit of the parent directory on the brick,
> which might indicate that mkdir_p should be checked as well.
Yes, if the parent directory has the SGID bit this would not happen, but in the case explained, when we heal the parent that first starts carrying the SGID bit, we start the problem and hence children do not get the cascaded SGID set.
>
> > Further to calling mkdir DHT now winds an setattr to set the mode
> > bits straight, but ends up using the mode bits that are returned in
> > the iatt (stat) information by the just concluded mkdir wind, which
> > has the SGID bit missing, as mkdir returns the stat information from
> > posix_mkdir, by doing a stat post mkdir. Hence we never end up
> > setting the SGID bit in the setattr part of DHT.
> To me this does not quite explain how a directory (sometimes) winds up with
> permissions set to 0.
Agreed, hence the initial comment on answering one of the multiple problems posed :)
>
> > This would make the
> > directory equal on all the bricks, and further discrepancies from the
> > mount point or on the backed should not be seen.
> Make sure to use the last version (currently 3) of the test script from
> https://bugzilla.redhat.com/show_bug.cgi?id=1110262
Did the same and things work as intended, but for some reason the waitperm never exited even with the right permissions, but I validated that part manually and things looked good.
Regards,
Shyam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: attrheal.patch
Type: text/x-patch
Size: 4049 bytes
Desc: not available
URL: <http://supercolony.gluster.org/pipermail/gluster-devel/attachments/20140626/59e00316/attachment.bin>
More information about the Gluster-devel
mailing list