[Gluster-users] ACL

Anush Shetty anush at gluster.com
Fri Oct 21 05:07:01 UTC 2011 

Hi Thai,

Yes, we do.

http://community.gluster.org/q/export-subdirectories-of-volumes-with-nfs/

-
Anush


________________________________
From: Thai. Ngo Bao [thainb at vng.com.vn]
Sent: 21 October 2011 08:21:32
To: Anush Shetty; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL

Hi Anush,

Thanks for the info. Also, I wonder if gluster concerns with some feature allowing glusterfs to export subdirectories for clients by gluster native protocol like NFS?

Thanks,
~Thai

From: Anush Shetty [mailto:anush at gluster.com]
Sent: Thursday, October 20, 2011 1:37 PM
To: Thai. Ngo Bao; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL

Hi Thai,

As of now, there are no provisions to mount GlusterFS client as a normal user.

-
Anush
________________________________
From: gluster-users-bounces at gluster.org [gluster-users-bounces at gluster.org] on behalf of Thai. Ngo Bao [thainb at vng.com.vn]
Sent: 20 October 2011 12:00:44
To: Anush Shetty; gluster-users at gluster.org
Subject: Re: [Gluster-users] ACL
Hi Anush,

Thanks for your response. I do know that there is almost no difference in behavior of these  2 cases (POSIX ACL) except the thing I concerned with by the test. Please correct me if I am wrong.
It turns out that glusterfs ACL has no effect if client mounts gluster volume under root user. That’s why I asked in previous email if we can anyhow force (from glusterfs servers) clients to mount under a normal user instead of root.

What do you think?

~Thai

From: Anush Shetty [mailto:anush at gluster.com]
Sent: Thursday, October 20, 2011 1:03 PM
To: Thai. Ngo Bao; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL

Hi Thai,

Have you tried these steps without glusterfs in the picture? I see no difference in behaviour when tried directly on the backend filesystem.

-
Anush
________________________________
From: Thai. Ngo Bao [thainb at vng.com.vn]
Sent: 20 October 2011 08:04:31
To: Anush Shetty; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL
Hi Anush,

Thanks for your quick reply. There was no error when set ACL. Below is what I has done at Client Side:

1.       Under root user: mount –t glusterfs IP_server:/volume_name  –o acl  /mnt

2.       Under root user at client, create a folder named thainb: mkdir –p /mnt/thainb

3.       Under root user: chown –R thainb:thainb /mnt/thainb

4.       Under root user: set  -m u:thainb:rw /mnt/thainb

5.       su thainb

6.       create some folder and file under thainb folder

7.       su peter

8.       remove file and folder

9.       Permission denied log from glusterfs:

[2011-10-20 08:58:17.603705] W [fuse-bridge.c:847:fuse_err_cbk] 0-glusterfs-fuse: 2646: ACCESS() /thainb/readme => -1 (Permission denied)

[2011-10-20 08:58:19.7369] W [fuse-bridge.c:908:fuse_unlink_cbk] 0-glusterfs-fuse: 2648: UNLINK() /thainb/readme => -1 (Permission denied)



10.   Exit su and under root user, remove file and folder

11.   No log from gluster

-----------snip---------------------
[root at GSO_DB_Local4 thainb]# su peter
[peter at GSO_DB_Local4 thainb]$ ls -al
total 56
drwxrwxr-x+  3 thainb thainb 8192 Oct 20 08:56 .
drwxr-xr-x  26 root   root   8192 Oct 20 08:34 ..
-rw-rw-r--   1 thainb thainb    6 Oct 20 08:56 readme
drwxrwxr-x   2 thainb thainb 8192 Oct 20 08:40 test

[peter at GSO_DB_Local4 thainb]$ rm readme
rm: remove write-protected regular file `readme'? y
rm: cannot remove `readme': Permission denied
[peter at GSO_DB_Local4 thainb]$ exit
exit
[root at GSO_DB_Local4 thainb]# ls
readme  test
[root at GSO_DB_Local4 thainb]# rm readme
rm: remove regular file `readme'? y
[root at GSO_DB_Local4 thainb]# rm -f test
rm: cannot remove `test': Is a directory
[root at GSO_DB_Local4 thainb]# rm -rf test
[root at GSO_DB_Local4 thainb]# ls
[root at GSO_DB_Local4 thainb]# getfacl .
# file: .
# owner: thainb
# group: thainb
user::rwx
user:thainb:rw-
group::r-x
mask::rwx
other::r-x

[root at GSO_DB_Local4 thainb]# pwd
/mnt/thainb
[root at GSO_DB_Local4 thainb]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3              74G  7.1G   63G  11% /
/dev/sda1              99M   12M   82M  13% /boot
tmpfs                 2.0G     0  2.0G   0% /dev/shm
/dev/sda3              74G  7.1G   63G  11% /data
glusterfs#lab3:/farm53   148G  9.5G  131G   7% /mnt

-------------end----------------------

What do you suggest?

Thanks,
~Thai

From: Anush Shetty [mailto:anush at gluster.com]
Sent: Wednesday, October 19, 2011 5:58 PM
To: Thai. Ngo Bao; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL

Hi,

Do you see any error messages when you try to set ACL? Can you also paste the logs here?

-
Anush
________________________________
From: gluster-users-bounces at gluster.org [gluster-users-bounces at gluster.org] on behalf of Thai. Ngo Bao [thainb at vng.com.vn]
Sent: 19 October 2011 16:16:36
To: gluster-users at gluster.org
Subject: [Gluster-users] ACL
Hi,

I am testing gluster 3.2.4 with ACL on small linux cluster:


1.       All exports (bricks) mounted with –o acl option

2.       All the glusterfs clients mounted with –o acl option

Acl works perfectly when clients mount under normal users but it will not work if clients mount under root user.  What am I missing? How can we force clients to mount under normal user rather than root user?

Thanks,
~Thai
________________________________
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.1831 / Virus Database: 2092/4562 - Release Date: 10/19/11
________________________________
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.1831 / Virus Database: 2092/4562 - Release Date: 10/19/11
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-users/attachments/20111021/8c9a4273/attachment.html>

More information about the Gluster-users mailing list