Re: Bug with group permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,
   Now that I'm able to test glusterfs installs on Gentoo Hardened again, it 
appears that my reported group permissions bug seems to have been resolved 
sometime between TLA 636 and TLA 689 - at least for the QA server and client 
specifications.

   I'll try out my production servers with TLA 689 (plus my QA modifications 
and fixes to get glusterfs to run under Hardened Gentoo) tonight Australian 
AEST, and see if this bug has really been squashed in the circumstances that 
originally spawned it.

Kind regards,

Geoff Kassel.

On Tue, 6 Nov 2007, Raghavendra G wrote:
> Resending to list.
>
> ---------- Forwarded message ----------
> From: Raghavendra G <raghavendra@xxxxxxxxxxxxx>
> Date: Nov 6, 2007 9:41 AM
> Subject: Re: Bug with group permissions
> To: gkassel@xxxxxxxxxxxxxxxxxxxxx
>
>
> Another question,
> Does both alpha and bravo have the user group you are experimenting with?
>
> regards,
>
> On Nov 6, 2007 9:34 AM, Geoff Kassel < gkassel@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > Hi Raghavendra,
> >   I'll see if I can do a log run for this when my system is quieter i.e.
> > sometime later tonight, Australian Eastern Standard Time. I don't think
> > I'm
> > going to to be able to produce any clearer logs than that already
> > provided,
> > though, since this is a multi-user production system.
> >
> >   In the meanwhile, I have a virtual server image of this system
> > pre-deployment that I'm planning on testing to see if the bug occurs with
> > the
> > 545 patch. If it does, I can provide clearer logs for you now. If I can't
> > get
> > it to recur on this system, that'll narrow down quite substantially the
> > circumstances under which this bug occurs.
> >
> >   I'll let you know how I go.
> >
> > Cheers,
> >
> > Geoff Kassel.
> >
> > On Mon, 5 Nov 2007, you wrote:
> > > Hi Geoff,
> > >
> > > The glusterfs.log you sent me indicates that you've been doing lots of
> > > operations. Is it possible for you to reproduce the bug just using the
> >
> > set
> >
> > > of commands you had given in your first mail? i.e,
> > >
> > > groupmems -a nonrootuser -g randomgroup
> > > cd /glusterfsmountpoint
> > > mkdir test
> > > chown root:randomgroup test
> > > chmod 770 test
> > >  su - nonrootuser
> > > cd /glusterfsmountpoint/test # Succeeds
> > > ls # Permission denied error.
> > > echo "Hello" > testfile      # Also gives a perm
> > >
> > > and send the logs generated?
> > >
> > > On Nov 5, 2007 12:57 PM, Geoff Kassel <gkassel@xxxxxxxxxxxxxxxxxxxxx>
> >
> > wrote:
> > > > Hi Raghavendra,
> > > >
> > > > > I found two client spec files in both alpha/ and bravo/. by any
> >
> > chance
> >
> > > > are
> > > >
> > > > > you running two clients?
> > > >
> > > > Yes, that is correct. I'm using GlusterFS to maintain shared storage
> > > > between
> > > > two machines. Both machines run a GlusterFS server, providing a
> >
> > namespace
> >
> > > > and
> > > > a dataspace, which are subsequently unified and AFR'd in the client
> >
> > also
> >
> > > > run
> > > > on each machine.
> > > >
> > > > > #uname -a
> > > >
> > > > Linux alpha 2.6.20-hardened-r10 #1 SMP Sat Oct 20 05:41:43 EST 2007
> >
> > i686
> >
> > > > Dual-Core AMD Opteron(tm) Processor 2218 AuthenticAMD GNU/Linux
> > > >
> > > > and
> > > >
> > > > Linux bravo 2.6.20-hardened-r10 #1 SMP Sat Oct 20 05:41:43 EST 2007
> >
> > i686
> >
> > > > Dual-Core AMD Opteron(tm) Processor 2218 AuthenticAMD GNU/Linux
> > > >
> > > > The two machines are identical in hardware, and the software
> > > > configuration is
> > > > more or less identical, being different only in host name and
> >
> > symmetrical
> >
> > > > changes for load balancing and hosting purposes. GlusterFS
> >
> > communicates
> >
> > > > over
> > > > a GigE link between the pair, utilized only by GlusterFS and
> >
> > keepalived
> >
> > > > for
> > > > load-balancing and maintenance of redundant services.
> > > >
> > > > While the processors are 64-bit, I'm running 32-bit for software
> > > > compatibility
> > > > reasons - that's one difference between your kernel and mine. I also
> >
> > use
> >
> > > > PaX,
> > > > which affects memory allocation and access, and have the grsec
> >
> > extensions
> >
> > > > compiled in (as part of the Gentoo hardened-sources) but not enabled.
> > > >
> > > > Attached is my kernel config. I hope this helps.
> > > >
> > > > Cheers,
> > > >
> > > > Geoff Kassel.
> > > >
> > > > On Mon, 5 Nov 2007, you wrote:
> > > > > Hi Geoff,
> > > > >
> > > > > I found two client spec files in both alpha/ and bravo/. by any
> >
> > chance
> >
> > > > are
> > > >
> > > > > you running two clients?
> > > > >
> > > > > I tried with single glusterfs client running on a node with the
> > > >
> > > > following
> > > >
> > > > > configuration
> > > > >
> > > > > #uname -a
> > > > > Linux master-node 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT 2007
> > > >
> > > > x86_64
> > > >
> > > > > x86_64 x86_64 GNU/Linux
> > > > >
> > > > > but still I cannot reproduce your problem. I am using
> >
> > fuse-2.7.0-glfs5.
> >
> > > > So
> > > >
> > > > > the only difference in configuration of the node is the kernel.
> > > > >
> > > > > Going through logs If I can find any hints.
> > > > > regards,
> > > > >
> > > > > On Nov 5, 2007 10:31 AM, Geoff Kassel
> > > > > <gkassel@xxxxxxxxxxxxxxxxxxxxx
> > > >
> > > > wrote:
> > > > > > Hi Raghavendra,
> > > > > >
> > > > > > I'm not replying to the list because of the size of the attached
> >
> > log
> >
> > > > > > files.
> > > > > >
> > > > > > > I tried to reproduce your problem with
> > > > > >
> > > > > > glusterfs--mainline--2.5--patch-545,
> > > > > >
> > > > > > > but without success.
> > > > > >
> > > > > > That's not too surprising - I use a 2.6.20 hardened Gentoo kernel
> > > > > > with PaX enabled, so I'm likely to get different errors to
> >
> > everyone
> >
> > > > > > else. I found the
> > > > > > error occurred with (at least) patches 543 and onwards.
> > > > > >
> > > > > > > Can you send your client/server logs and configuration
> > > > > > > files? Also what is the fuse version you are using?
> > > > > >
> > > > > > Sure - they're in the attached ZIP file. I'm using FUSE
> >
> > 2.7.0-glfs5
> >
> > > > > > on both
> > > > > > machines, known as alpha and bravo. I've sent logs and spec files
> >
> > for
> >
> > > > > > both machines, in the accordingly named directories.
> > > > > >
> > > > > > To find the time of my various tests, search for ': /test' in the
> > > > > > glusterfs
> > > > > > logs. The most relevant test (i.e. the results of which I posted
> > > >
> > > > about)
> > > >
> > > > > > is ': /test4'.
> > > > > >
> > > > > > Good luck with the bug hunt!
> > > > > >
> > > > > > Cheers,
> > > > > >
> > > > > > Geoff Kassel.
> > > > > >
> > > > > > On Mon, 5 Nov 2007, Raghavendra G wrote:
> > > > > > > Hi Geoff,
> > > > > > > I tried to reproduce your problem with
> > > > > >
> > > > > > glusterfs--mainline--2.5--patch-545,
> > > > > >
> > > > > > > but without success. Can you send your client/server logs and
> > > > > >
> > > > > > configuration
> > > > > >
> > > > > > > files? Also what is the fuse version you are using?
> > > > > > >
> > > > > > > regards,
> > > > > > >
> > > > > > > On Nov 4, 2007 4:39 PM, Geoff Kassel
> > > > > > > <gkassel@xxxxxxxxxxxxxxxxxxxxx>
> > > > > >
> > > > > > wrote:
> > > > > > > > Hi all,
> > > > > > > >   I've think I've found a group permissions bug in the latest
> > > >
> > > > patches
> > > >
> > > > > > > > committed to the repository. The bug causes permission denied
> > > >
> > > > errors
> > > >
> > > > > > for
> > > > > >
> > > > > > > > non-root users where they should have adequate access.
> > > > > > > >
> > > > > > > > The following set of commands under a glusterfs mount
> >
> > reproduces
> >
> > > > the
> > > >
> > > > > > bug
> > > > > >
> > > > > > > > for
> > > > > > > > me:
> > > > > > > >
> > > > > > > >   groupmems -a nonrootuser -g randomgroup
> > > > > > > >   cd /glusterfsmountpoint
> > > > > > > >   mkdir test
> > > > > > > >   chown root:randomgroup test
> > > > > > > >   chmod 770 test
> > > > > > > >   su - nonrootuser
> > > > > > > >   cd /glusterfsmountpoint/test # Succeeds
> > > > > > > >   ls # Permission denied error.
> > > > > > > >   echo "Hello" > testfile      # Also gives a permission
> >
> > denied
> >
> > > > > > > > error.
> > > > > > > >
> > > > > > > > To get a successful ls under the non-root user, permissions
> >
> > need
> >
> > > > to
> > > >
> > > > > > > > be 775 in
> > > > > > > > the test directory. To get a successful file creation, it
> >
> > needs
> >
> > > > > > > > to
> > > >
> > > > be
> > > >
> > > > > > > > 777.
> > > > > > > >
> > > > > > > > I have noticed that on the initial cd as the non-root user,
> >
> > there
> >
> > > > > > seems
> > > > > >
> > > > > > > > to be
> > > > > > > > the following in the client logs (I'm using AFR/Unify):
> > > > > > > >
> > > > > > > > 2007-11-04 22:36:25 E [afr.c:5654:afr_closedir]
> > > >
> > > > shared-namespace-afr:
> > > > > > > > afrfdp
> > > > > > > > is NULL, returning EBADFD
> > > > > > > > 2007-11-04 22:36:25 E [afr.c:5654:afr_closedir]
> > > >
> > > > shared-dataspace-afr:
> > > > > > > > afrfdp
> > > > > > > > is NULL, returning EBADFD
> > > > > > > > 2007-11-04 22:36:25 E [fuse-bridge.c:654:fuse_fd_cbk]
> > > >
> > > > glusterfs-fuse:
> > > > > > > > 1322194: /test => -1 (13)
> > > > > > > >
> > > > > > > > This bug doesn't cause the server or client to crash. (I have
> > > >
> > > > noticed
> > > >
> > > > > > a
> > > > > >
> > > > > > > > lot
> > > > > > > > of 'E [unify.c:145:unify_buf_cbk] shared:
> > > > > > > > shared-namespace-afr
> > > > > >
> > > > > > returned
> > > > > >
> > > > > > > > 107'
> > > > > > > > and random server crashes in general lately, but this appears
> > > > > >
> > > > > > unrelated.)
> > > > > >
> > > > > > > > I can provide logs as well as client and server spec files on
> > > > > > > > request.
> > > > > > > >
> > > > > > > > Kind regards,
> > > > > > > >
> > > > > > > > Geoff Kassel.
> > > > > > > >
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Gluster-devel mailing list
> > > > > > > > Gluster-devel@xxxxxxxxxx
> > > > > > > > http://lists.nongnu.org/mailman/listinfo/gluster-devel
>
> --
> Raghavendra G
>
> A centipede was happy quite, until a toad in fun,
> Said, "Prey, which leg comes after which?",
> This raised his doubts to such a pitch,
> He fell flat into the ditch,
> Not knowing how to run.
> -Anonymous





[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux