On Fri, Mar 23, 2018 at 5:14 AM, Josh Haft <paccrap@xxxxxxxxx> wrote: > Hello! > > I'm running Ceph 12.2.2 with one primary and one standby MDS. Mounting > CephFS via ceph-fuse (to leverage quotas), and enabled ACLs by adding > fuse_default_permissions=0 and client_acl_type=posix_acl to the mount > options. I then export this mount via NFS and the clients mount NFS4.1. > does fuse_default_permissions=0 work? > After doing some in-depth testing it seems I'm unable to allow access from > the NFS clients to a directory/file based on group membership when the > underlying CephFS was mounted with ACL support. This issue appears using > both filesystem permissions (e.g. chgrp) and NFSv4 ACLs. However, ACLs do > work if the principal is a user instead of a group. If I disable ACL support > on the ceph-fuse mount, things work as expected using fs permissions; > obviously I don't get ACL support. > > As an intermediate step I did check whether this works directly on the > CephFS filesystem - on the NFS server - and it does. So it appears to be an > issue re-exporting it via NFS. > > I do not see this issue when mounting CephFS via the kernel, exporting via > NFS, and re-running these tests. > > I searched the ML and bug reports but only found this - > http://tracker.ceph.com/issues/12617 - which seems close to the issue I'm > running into, but was closed as resolved 2+ years ago. > > Has anyone else run into this? Am I missing something obvious? > ceph-fuse does permission check according to localhost's config of supplement group. that's why you see this behavior. Regards Yan, Zheng > Thanks! > Josh > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |