[Gluster-users] ACL

Thai. Ngo Bao thainb at vng.com.vn
Fri Oct 21 07:05:12 UTC 2011


Hi Anush,

Well, I was aware of this feature of glusterfs several months ago and one will lose the advantage of glusterfs (such as high performance, fail-over, etc) if he/she uses gluster nfs instead of gluster native protocol.
I believe using gluster nfs will solve the problem I am concerning with (export some subdirectory per client). Could you please point me out what one will lose when using gluster nsf instead of native protocol in terms of performance?

Thanks,
~Thai

From: Anush Shetty [mailto:anush at gluster.com]
Sent: Friday, October 21, 2011 12:07 PM
To: Thai. Ngo Bao; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL

Hi Thai,

Yes, we do.

http://community.gluster.org/q/export-subdirectories-of-volumes-with-nfs/

-
Anush

________________________________
From: Thai. Ngo Bao [thainb at vng.com.vn]
Sent: 21 October 2011 08:21:32
To: Anush Shetty; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL
Hi Anush,

Thanks for the info. Also, I wonder if gluster concerns with some feature allowing glusterfs to export subdirectories for clients by gluster native protocol like NFS?

Thanks,
~Thai

From: Anush Shetty [mailto:anush at gluster.com]
Sent: Thursday, October 20, 2011 1:37 PM
To: Thai. Ngo Bao; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL

Hi Thai,

As of now, there are no provisions to mount GlusterFS client as a normal user.

-
Anush
________________________________
From: gluster-users-bounces at gluster.org [gluster-users-bounces at gluster.org] on behalf of Thai. Ngo Bao [thainb at vng.com.vn]
Sent: 20 October 2011 12:00:44
To: Anush Shetty; gluster-users at gluster.org
Subject: Re: [Gluster-users] ACL
Hi Anush,

Thanks for your response. I do know that there is almost no difference in behavior of these  2 cases (POSIX ACL) except the thing I concerned with by the test. Please correct me if I am wrong.
It turns out that glusterfs ACL has no effect if client mounts gluster volume under root user. That's why I asked in previous email if we can anyhow force (from glusterfs servers) clients to mount under a normal user instead of root.

What do you think?

~Thai

From: Anush Shetty [mailto:anush at gluster.com]
Sent: Thursday, October 20, 2011 1:03 PM
To: Thai. Ngo Bao; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL

Hi Thai,

Have you tried these steps without glusterfs in the picture? I see no difference in behaviour when tried directly on the backend filesystem.

-
Anush
________________________________
From: Thai. Ngo Bao [thainb at vng.com.vn]
Sent: 20 October 2011 08:04:31
To: Anush Shetty; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL
Hi Anush,

Thanks for your quick reply. There was no error when set ACL. Below is what I has done at Client Side:

1.       Under root user: mount -t glusterfs IP_server:/volume_name  -o acl  /mnt

2.       Under root user at client, create a folder named thainb: mkdir -p /mnt/thainb

3.       Under root user: chown -R thainb:thainb /mnt/thainb

4.       Under root user: set  -m u:thainb:rw /mnt/thainb

5.       su thainb

6.       create some folder and file under thainb folder

7.       su peter

8.       remove file and folder

9.       Permission denied log from glusterfs:

[2011-10-20 08:58:17.603705] W [fuse-bridge.c:847:fuse_err_cbk] 0-glusterfs-fuse: 2646: ACCESS() /thainb/readme => -1 (Permission denied)

[2011-10-20 08:58:19.7369] W [fuse-bridge.c:908:fuse_unlink_cbk] 0-glusterfs-fuse: 2648: UNLINK() /thainb/readme => -1 (Permission denied)



10.   Exit su and under root user, remove file and folder

11.   No log from gluster

-----------snip---------------------
[root at GSO_DB_Local4 thainb]# su peter
[peter at GSO_DB_Local4 thainb]$ ls -al
total 56
drwxrwxr-x+  3 thainb thainb 8192 Oct 20 08:56 .
drwxr-xr-x  26 root   root   8192 Oct 20 08:34 ..
-rw-rw-r--   1 thainb thainb    6 Oct 20 08:56 readme
drwxrwxr-x   2 thainb thainb 8192 Oct 20 08:40 test

[peter at GSO_DB_Local4 thainb]$ rm readme
rm: remove write-protected regular file `readme'? y
rm: cannot remove `readme': Permission denied
[peter at GSO_DB_Local4 thainb]$ exit
exit
[root at GSO_DB_Local4 thainb]# ls
readme  test
[root at GSO_DB_Local4 thainb]# rm readme
rm: remove regular file `readme'? y
[root at GSO_DB_Local4 thainb]# rm -f test
rm: cannot remove `test': Is a directory
[root at GSO_DB_Local4 thainb]# rm -rf test
[root at GSO_DB_Local4 thainb]# ls
[root at GSO_DB_Local4 thainb]# getfacl .
# file: .
# owner: thainb
# group: thainb
user::rwx
user:thainb:rw-
group::r-x
mask::rwx
other::r-x

[root at GSO_DB_Local4 thainb]# pwd
/mnt/thainb
[root at GSO_DB_Local4 thainb]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3              74G  7.1G   63G  11% /
/dev/sda1              99M   12M   82M  13% /boot
tmpfs                 2.0G     0  2.0G   0% /dev/shm
/dev/sda3              74G  7.1G   63G  11% /data
glusterfs#lab3:/farm53   148G  9.5G  131G   7% /mnt

-------------end----------------------

What do you suggest?

Thanks,
~Thai

From: Anush Shetty [mailto:anush at gluster.com]
Sent: Wednesday, October 19, 2011 5:58 PM
To: Thai. Ngo Bao; gluster-users at gluster.org
Subject: RE: [Gluster-users] ACL

Hi,

Do you see any error messages when you try to set ACL? Can you also paste the logs here?

-
Anush
________________________________
From: gluster-users-bounces at gluster.org [gluster-users-bounces at gluster.org] on behalf of Thai. Ngo Bao [thainb at vng.com.vn]
Sent: 19 October 2011 16:16:36
To: gluster-users at gluster.org
Subject: [Gluster-users] ACL
Hi,

I am testing gluster 3.2.4 with ACL on small linux cluster:


1.       All exports (bricks) mounted with -o acl option

2.       All the glusterfs clients mounted with -o acl option

Acl works perfectly when clients mount under normal users but it will not work if clients mount under root user.  What am I missing? How can we force clients to mount under normal user rather than root user?

Thanks,
~Thai
________________________________
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.1831 / Virus Database: 2092/4562 - Release Date: 10/19/11
________________________________
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.1831 / Virus Database: 2092/4562 - Release Date: 10/19/11
________________________________
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.1831 / Virus Database: 2092/4564 - Release Date: 10/20/11
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-users/attachments/20111021/36886975/attachment.html>


More information about the Gluster-users mailing list