Fwd: Bug with group permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Resending to list.

---------- Forwarded message ----------
From: Raghavendra G <raghavendra@xxxxxxxxxxxxx>
Date: Nov 6, 2007 9:41 AM
Subject: Re: Bug with group permissions
To: gkassel@xxxxxxxxxxxxxxxxxxxxx


Another question,
Does both alpha and bravo have the user group you are experimenting with?

regards,

On Nov 6, 2007 9:34 AM, Geoff Kassel < gkassel@xxxxxxxxxxxxxxxxxxxxx> wrote:

> Hi Raghavendra,
>   I'll see if I can do a log run for this when my system is quieter i.e.
> sometime later tonight, Australian Eastern Standard Time. I don't think
> I'm
> going to to be able to produce any clearer logs than that already
> provided,
> though, since this is a multi-user production system.
>
>   In the meanwhile, I have a virtual server image of this system
> pre-deployment that I'm planning on testing to see if the bug occurs with
> the
> 545 patch. If it does, I can provide clearer logs for you now. If I can't
> get
> it to recur on this system, that'll narrow down quite substantially the
> circumstances under which this bug occurs.
>
>   I'll let you know how I go.
>
> Cheers,
>
> Geoff Kassel.
>
> On Mon, 5 Nov 2007, you wrote:
> > Hi Geoff,
> >
> > The glusterfs.log you sent me indicates that you've been doing lots of
> > operations. Is it possible for you to reproduce the bug just using the
> set
> > of commands you had given in your first mail? i.e,
> >
> > groupmems -a nonrootuser -g randomgroup
> > cd /glusterfsmountpoint
> > mkdir test
> > chown root:randomgroup test
> > chmod 770 test
> >  su - nonrootuser
> > cd /glusterfsmountpoint/test # Succeeds
> > ls # Permission denied error.
> > echo "Hello" > testfile      # Also gives a perm
> >
> > and send the logs generated?
> >
> > On Nov 5, 2007 12:57 PM, Geoff Kassel <gkassel@xxxxxxxxxxxxxxxxxxxxx>
> wrote:
> > > Hi Raghavendra,
> > >
> > > > I found two client spec files in both alpha/ and bravo/. by any
> chance
> > >
> > > are
> > >
> > > > you running two clients?
> > >
> > > Yes, that is correct. I'm using GlusterFS to maintain shared storage
> > > between
> > > two machines. Both machines run a GlusterFS server, providing a
> namespace
> > > and
> > > a dataspace, which are subsequently unified and AFR'd in the client
> also
> > > run
> > > on each machine.
> > >
> > > > #uname -a
> > >
> > > Linux alpha 2.6.20-hardened-r10 #1 SMP Sat Oct 20 05:41:43 EST 2007
> i686
> > > Dual-Core AMD Opteron(tm) Processor 2218 AuthenticAMD GNU/Linux
> > >
> > > and
> > >
> > > Linux bravo 2.6.20-hardened-r10 #1 SMP Sat Oct 20 05:41:43 EST 2007
> i686
> > > Dual-Core AMD Opteron(tm) Processor 2218 AuthenticAMD GNU/Linux
> > >
> > > The two machines are identical in hardware, and the software
> > > configuration is
> > > more or less identical, being different only in host name and
> symmetrical
> > > changes for load balancing and hosting purposes. GlusterFS
> communicates
> > > over
> > > a GigE link between the pair, utilized only by GlusterFS and
> keepalived
> > > for
> > > load-balancing and maintenance of redundant services.
> > >
> > > While the processors are 64-bit, I'm running 32-bit for software
> > > compatibility
> > > reasons - that's one difference between your kernel and mine. I also
> use
> > > PaX,
> > > which affects memory allocation and access, and have the grsec
> extensions
> > > compiled in (as part of the Gentoo hardened-sources) but not enabled.
> > >
> > > Attached is my kernel config. I hope this helps.
> > >
> > > Cheers,
> > >
> > > Geoff Kassel.
> > >
> > > On Mon, 5 Nov 2007, you wrote:
> > > > Hi Geoff,
> > > >
> > > > I found two client spec files in both alpha/ and bravo/. by any
> chance
> > >
> > > are
> > >
> > > > you running two clients?
> > > >
> > > > I tried with single glusterfs client running on a node with the
> > >
> > > following
> > >
> > > > configuration
> > > >
> > > > #uname -a
> > > > Linux master-node 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT 2007
> > >
> > > x86_64
> > >
> > > > x86_64 x86_64 GNU/Linux
> > > >
> > > > but still I cannot reproduce your problem. I am using
> fuse-2.7.0-glfs5.
> > >
> > > So
> > >
> > > > the only difference in configuration of the node is the kernel.
> > > >
> > > > Going through logs If I can find any hints.
> > > > regards,
> > > >
> > > > On Nov 5, 2007 10:31 AM, Geoff Kassel <gkassel@xxxxxxxxxxxxxxxxxxxxx
> >
> > >
> > > wrote:
> > > > > Hi Raghavendra,
> > > > >
> > > > > I'm not replying to the list because of the size of the attached
> log
> > > > > files.
> > > > >
> > > > > > I tried to reproduce your problem with
> > > > >
> > > > > glusterfs--mainline--2.5--patch-545,
> > > > >
> > > > > > but without success.
> > > > >
> > > > > That's not too surprising - I use a 2.6.20 hardened Gentoo kernel
> > > > > with PaX enabled, so I'm likely to get different errors to
> everyone
> > > > > else. I found the
> > > > > error occurred with (at least) patches 543 and onwards.
> > > > >
> > > > > > Can you send your client/server logs and configuration
> > > > > > files? Also what is the fuse version you are using?
> > > > >
> > > > > Sure - they're in the attached ZIP file. I'm using FUSE
> 2.7.0-glfs5
> > > > > on both
> > > > > machines, known as alpha and bravo. I've sent logs and spec files
> for
> > > > > both machines, in the accordingly named directories.
> > > > >
> > > > > To find the time of my various tests, search for ': /test' in the
> > > > > glusterfs
> > > > > logs. The most relevant test (i.e. the results of which I posted
> > >
> > > about)
> > >
> > > > > is ': /test4'.
> > > > >
> > > > > Good luck with the bug hunt!
> > > > >
> > > > > Cheers,
> > > > >
> > > > > Geoff Kassel.
> > > > >
> > > > > On Mon, 5 Nov 2007, Raghavendra G wrote:
> > > > > > Hi Geoff,
> > > > > > I tried to reproduce your problem with
> > > > >
> > > > > glusterfs--mainline--2.5--patch-545,
> > > > >
> > > > > > but without success. Can you send your client/server logs and
> > > > >
> > > > > configuration
> > > > >
> > > > > > files? Also what is the fuse version you are using?
> > > > > >
> > > > > > regards,
> > > > > >
> > > > > > On Nov 4, 2007 4:39 PM, Geoff Kassel
> > > > > > <gkassel@xxxxxxxxxxxxxxxxxxxxx>
> > > > >
> > > > > wrote:
> > > > > > > Hi all,
> > > > > > >   I've think I've found a group permissions bug in the latest
> > >
> > > patches
> > >
> > > > > > > committed to the repository. The bug causes permission denied
> > >
> > > errors
> > >
> > > > > for
> > > > >
> > > > > > > non-root users where they should have adequate access.
> > > > > > >
> > > > > > > The following set of commands under a glusterfs mount
> reproduces
> > >
> > > the
> > >
> > > > > bug
> > > > >
> > > > > > > for
> > > > > > > me:
> > > > > > >
> > > > > > >   groupmems -a nonrootuser -g randomgroup
> > > > > > >   cd /glusterfsmountpoint
> > > > > > >   mkdir test
> > > > > > >   chown root:randomgroup test
> > > > > > >   chmod 770 test
> > > > > > >   su - nonrootuser
> > > > > > >   cd /glusterfsmountpoint/test # Succeeds
> > > > > > >   ls # Permission denied error.
> > > > > > >   echo "Hello" > testfile      # Also gives a permission
> denied
> > > > > > > error.
> > > > > > >
> > > > > > > To get a successful ls under the non-root user, permissions
> need
> > >
> > > to
> > >
> > > > > > > be 775 in
> > > > > > > the test directory. To get a successful file creation, it
> needs
> > > > > > > to
> > >
> > > be
> > >
> > > > > > > 777.
> > > > > > >
> > > > > > > I have noticed that on the initial cd as the non-root user,
> there
> > > > >
> > > > > seems
> > > > >
> > > > > > > to be
> > > > > > > the following in the client logs (I'm using AFR/Unify):
> > > > > > >
> > > > > > > 2007-11-04 22:36:25 E [afr.c:5654:afr_closedir]
> > >
> > > shared-namespace-afr:
> > > > > > > afrfdp
> > > > > > > is NULL, returning EBADFD
> > > > > > > 2007-11-04 22:36:25 E [afr.c:5654:afr_closedir]
> > >
> > > shared-dataspace-afr:
> > > > > > > afrfdp
> > > > > > > is NULL, returning EBADFD
> > > > > > > 2007-11-04 22:36:25 E [fuse-bridge.c:654:fuse_fd_cbk]
> > >
> > > glusterfs-fuse:
> > > > > > > 1322194: /test => -1 (13)
> > > > > > >
> > > > > > > This bug doesn't cause the server or client to crash. (I have
> > >
> > > noticed
> > >
> > > > > a
> > > > >
> > > > > > > lot
> > > > > > > of 'E [unify.c:145:unify_buf_cbk] shared: shared-namespace-afr
> > > > >
> > > > > returned
> > > > >
> > > > > > > 107'
> > > > > > > and random server crashes in general lately, but this appears
> > > > >
> > > > > unrelated.)
> > > > >
> > > > > > > I can provide logs as well as client and server spec files on
> > > > > > > request.
> > > > > > >
> > > > > > > Kind regards,
> > > > > > >
> > > > > > > Geoff Kassel.
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Gluster-devel mailing list
> > > > > > > Gluster-devel@xxxxxxxxxx
> > > > > > > http://lists.nongnu.org/mailman/listinfo/gluster-devel
>
>


-- 
Raghavendra G

A centipede was happy quite, until a toad in fun,
Said, "Prey, which leg comes after which?",
This raised his doubts to such a pitch,
He fell flat into the ditch,
Not knowing how to run.
-Anonymous



-- 
Raghavendra G

A centipede was happy quite, until a toad in fun,
Said, "Prey, which leg comes after which?",
This raised his doubts to such a pitch,
He fell flat into the ditch,
Not knowing how to run.
-Anonymous


[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux