On Fri, Sep 23, 2016 at 12:30 PM, Soumya Koduri <skoduri@xxxxxxxxxx> wrote:
On 09/23/2016 08:28 AM, Pranith Kumar Karampuri wrote:
hi,
Jiffin found an interesting problem in posix xlator where we have
never been using setfsuid/gid (http://review.gluster.org/#/c/15545/ ),
what I am seeing regressions after this is, if the files are created
using non-root user then the file creation fails because that user
doesn't have permissions to create the gfid-link. So it seems like the
correct way forward for this patch is to write wrappers around
sys_<syscall> to do setfsuid/gid do the actual operation requested and
then set it back to old uid/gid and then do the internal operations. I
am planning to write posix_sys_<syscall>() to do the same, may be a macro?.
Why not otherwise around? As in can we switch to superuser when required so that we know what all internal operations need root access and avoid misusing it.
The thread should have the uid/gid of the frame->root->uid/gid only at the time of executing the syscall of open/mkdir/creat in posix xlator etc, rest of the time it shouldn't. So doing it this way.
Thanks,
Soumya
I need inputs from you guys to let me know if I am on the right path
and if you see any issues with this approach.
--
Pranith
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-devel
--
Pranith
_______________________________________________ Gluster-devel mailing list Gluster-devel@xxxxxxxxxxx http://www.gluster.org/mailman/listinfo/gluster-devel