[Gluster-devel] Question regarding to gluster and vfs

Raghavendra G raghavendra at gluster.com
Fri Aug 18 10:23:16 UTC 2017


On Thu, Aug 17, 2017 at 5:16 PM, Shyam Ranganathan <srangana at redhat.com>
wrote:

> On 08/17/2017 07:36 AM, Amar Tumballi wrote:
>
>>
>>
>> On Thu, Aug 17, 2017 at 1:21 PM, Raghavendra Talur <rtalur at redhat.com> wrote:
>>
>>     On Wed, Aug 16, 2017 at 5:52 PM, Ilan Schwarts <ilan84 at gmail.com> wrote:
>>      > Hi,
>>      > So this is a bit of an odd case.
>>      > I have created 2 server nodes (running CentOS 7.3)
>>      > From Client machine (CentOS 7.2) I mount to one of the nodes (nfs) using:
>>      > [root at CentOS7286-64 mnt]#  mount -t nfs
>>      > L137B-GlusterFS-Node1.L137B-root.com:/volume1 /mnt/glustervianfs/
>>      >
>>      > When I created (touch) a file over the NFS:
>>      > From Client Machine:
>>      > [revivo at CentOS7286-64 glustervianfs]$ touch nfs3file
>>      > [revivo at CentOS7286-64 glustervianfs]$ id revivo
>>      > uid=2021(revivo) gid=2020(maccabi) groups=2020(maccabi),10(wheel)
>>      >
>>      > On Server machine:
>>      > I monitor the file operations at VFS kernel level.
>>      > I receive 1 event of file create, and 2 events of set attribute changes.
>>      > What I see is that root creates the file (uid/gid of 0)
>>      > And then root (also) uses chown and chgrp to set security (attribute)
>>      > of the new file.
>>      >
>>      > When I go to the gluster volume itself and ls -la, I do see the
>>      > *correct* (2021 - revivo /2020 - revivo) uid/gid:
>>      > [root at L137B-GlusterFS-Node1 volume1]# ls -lia
>>      > total 24
>>      > 11 drwxrwxrwx.  3 revivo maccabi 4096 Aug 10 12:13 .
>>      >  2 drwxr-xr-x.  3 root   root    4096 Aug  9 14:32 ..
>>      > 12 drw-------. 16 root   root    4096 Aug 10 12:13 .glusterfs
>>      > 31 -rw-r--r--.  2 revivo maccabi    0 Aug 10 12:13 nfs3file
>>      >
>>      > Why on the VFS layer do I get uid/gid - 0/0?
>>
>>     As you have pointed out above, the file is created with 0:0
>>     owner:group but subsequent operations change owner and group using
>>     chown and chgrp. This is because the glusterfsd(brick daemon) process
>>     always runs as root. I don't know the exact reason why setfsuid and
>>     setfsgid are not used although the code exists.
>>
>>     Amar/Pranith/Raghavendra/Vijay,
>>
>>     Do you know why HAVE_SET_FSID is undefined in line
>>     https://github.com/gluster/glusterfs/blob/master/xlators/storage/posix/src/posix.c#L65
>>
>>
>> It's been ~10 years since it was disabled in the codebase, and I don't
>> recollect why completely right now.
>>
>> By checking the patch [1] which got this change, I couldn't make out
>> much: Probably something to do with Solaris support IMO.
>>
>> [1] - https://github.com/gluster/historic/commit/3176ddf99f701412bd799cc730afd598c2a13e39
>>
>> Maybe it is time to run a test by removing that line as we are friendly
>> with only Linux/BSD right now.
>>
>
> From memory (so take it with a pinch of salt), setting internal xattrs and
> the like needed root permissions, and not UID/GID permissions, this was
> when parts of DHT xattr setting were fixed and this code path analyzed
> (about less than a year back).
>
> So when testing it out this possibly needs some consideration. @Nithya do
> you have a better context to provide?
>

These scenarios are explicitly handled by setting uid/gid to 0 while doing
these operations (like linkto file creation etc). Even if we run into bugs
after removing this, explicit setting of credentials should be preferred.


>
>> Regards,
>> Amar
>>
>>     Thanks,
>>     Raghavendra Talur
>>
>>
>>
>>
>> --
>> Amar Tumballi (amarts)
>>
>>
>



-- 
Raghavendra G
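
Added example, not part of the original thread and not GlusterFS code: the two
approaches discussed above side by side, create-then-chown as the brick does
today versus a create under setfsuid/setfsgid. The function names and the
owner_trace struct are hypothetical; at_create is the owner a VFS-level monitor
would log, and it only shows 0 in the first case when the program runs as root.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/fsuid.h>
#include <sys/stat.h>
#include <unistd.h>

/* Owner right after create (what a VFS-level monitor logs) and at the end. */
struct owner_trace { long at_create; long final; };

static long owner_of(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_uid : -1;
}

/* Pattern described in the thread: create as the daemon, then change owner. */
struct owner_trace create_then_chown(const char *path, uid_t uid, gid_t gid) {
    struct owner_trace t = { -1, -1 };
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0644);
    if (fd < 0) return t;
    t.at_create = owner_of(fd);          /* daemon's uid: 0 for a root daemon */
    if (fchown(fd, uid, gid) == 0) t.final = owner_of(fd);
    close(fd);
    return t;
}

/* Alternative: take the caller's fsuid/fsgid only for the create, then restore. */
struct owner_trace create_with_fsid(const char *path, uid_t uid, gid_t gid) {
    struct owner_trace t = { -1, -1 };
    int old_gid = setfsgid(gid);         /* both calls return the previous id */
    int old_uid = setfsuid(uid);
    /* No error is reported; passing -1 changes nothing and returns the current id. */
    if ((uid_t)setfsuid((uid_t)-1) == uid && (gid_t)setfsgid((gid_t)-1) == gid) {
        int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0644);
        if (fd >= 0) { t.at_create = t.final = owner_of(fd); close(fd); }
    }
    setfsuid(old_uid); setfsgid(old_gid); /* restore before any privileged work */
    return t;
}

int main(int argc, char **argv) {
    uid_t uid = argc > 2 ? (uid_t)atoi(argv[1]) : geteuid();  /* e.g. 2021 as root */
    gid_t gid = argc > 2 ? (gid_t)atoi(argv[2]) : getegid();  /* e.g. 2020 as root */
    char dir[] = "/tmp/fsid-demo-XXXXXX", a[64], b[64];       /* constructed paths */
    if (!mkdtemp(dir) || chown(dir, uid, gid) != 0) return 1;
    snprintf(a, sizeof a, "%s/chown", dir); snprintf(b, sizeof b, "%s/fsid", dir);
    struct owner_trace x = create_then_chown(a, uid, gid), y = create_with_fsid(b, uid, gid);
    printf("chown: %ld -> %ld, fsid: %ld -> %ld\n", x.at_create, x.final, y.at_create, y.final);
    return 0;
}
```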