[Gluster-devel] Question regarding to gluster and vfs
raghavendra at gluster.com
Fri Aug 18 10:23:16 UTC 2017
On Thu, Aug 17, 2017 at 5:16 PM, Shyam Ranganathan <srangana at redhat.com>
> On 08/17/2017 07:36 AM, Amar Tumballi wrote:
>> On Thu, Aug 17, 2017 at 1:21 PM, Raghavendra Talur <rtalur at redhat.com
>> <mailto:rtalur at redhat.com>> wrote:
>> On Wed, Aug 16, 2017 at 5:52 PM, Ilan Schwarts <ilan84 at gmail.com
>> <mailto:ilan84 at gmail.com>> wrote:
>> > Hi,
>> > So this is a bit odd case.
>> > I have created 2 servers nodes (running CentOS 7.3)
>> > From Client machine (CentOS 7.2) I mount to one of the nodes
>> (nfs) using:
>> > [root at CentOS7286-64 mnt]# mount -t nfs
>> > L137B-GlusterFS-Node1.L137B-root.com:/volume1 /mnt/glustervianfs/
>> > When i created (touch) a file over the NFS:
>> > From Client Machine:
>> > [revivo at CentOS7286-64 glustervianfs]$ touch nfs3file
>> > [revivo at CentOS7286-64 glustervianfs]$ id revivo
>> > uid=2021(revivo) gid=2020(maccabi) groups=2020(maccabi),10(wheel)
>> > On Server machine:
>> > I monitor the file operations at VFS kernel level.
>> > I receive 1 event of file create, and 2 events of set attribute
>> > What I see is that root creates the file (uid/gid of 0)
>> > And then root (also) use chown and chgrp to set security
>> > of the new file.
>> > When i go to the glutser volume itself and ls -la,i do see the
>> > *correct* (2021 - revivo /2020 - revivo) uid/gid:
>> > [root at L137B-GlusterFS-Node1 volume1]# ls -lia
>> > total 24
>> > 11 drwxrwxrwx. 3 revivo maccabi 4096 Aug 10 12:13 .
>> > 2 drwxr-xr-x. 3 root root 4096 Aug 9 14:32 ..
>> > 12 drw-------. 16 root root 4096 Aug 10 12:13 .glusterfs
>> > 31 -rw-r--r--. 2 revivo maccabi 0 Aug 10 12:13 nfs3file
>> > Why on the VFS layer i get uid/gid - 0/0
>> As you have pointed out above, the file is created with 0:0
>> owner:group but subsequent operations change owner and group using
>> chown and chgrp. This is because the glusterfsd(brick daemon) process
>> always runs as root. I don't know the exact reason why setfsuid and
>> setfsgid are not used although the code exist.
>> Do you know why HAVE_SET_FSID is undefined in line
>> Its been ~10 years since its disabled in codebase, and I don't recollect
>> why completely right now.
>> By checking the patch  which got this change, I couldn't make out
>> much: Probably something to do with Solaris support IMO.
>>  - https://github.com/gluster/historic/commit/3176ddf99f701412b
>> May be time to run a test by removing that line as we are friendly with
>> only Linux/BSD right now.
> From memory (so take it with a pinch of salt), setting internal xattrs and
> the like needed root permissions, and not UID/GID permissions, this was
> when parts of DHT xattr setting was fixed and this code path analyzed
> (about less than a year back).
> So when testing it out this possibly needs some consideration. @Nithya do
> you have a better context to provide?
These scenarios are explicitly handled by setting uid/gid to 0 while doing
these operations (like linkto file creation etc). Even if we run into bugs
after removing this, explicit setting of credentials should be preferred.
>> Raghavendra Talur
>> Amar Tumballi (amarts)
>> Gluster-devel mailing list
>> Gluster-devel at gluster.org
> Gluster-devel mailing list
> Gluster-devel at gluster.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gluster-devel