I'd like to get feedback on the feature proposal explained in
https://github.com/gluster/glusterfs/issues/301:

  Ability to force permissions while creating files/directories on a volume

The description of the feature is included for reference below.

Thanks!
Niels


Some users have trouble with applications that create files on a Gluster Volume. The files are expected to be writeable by others in the same group, but the default system umask (client-side) may prevent this. In their own words:

> We would like to be able to specify, at a gluster volume level, the default
> permissions that a directory or file is given when they are created,
> irrespective of the client's umask.
>
> I believe samba provides similar functionality via the following config
> settings:
>
> create mask
> force create mode
> create directory mask
> force directory mode

The above referenced options are documented in the `smb.conf` man-page.

With this functionality it will be possible to:

- have applications and users in a group for this writeable application data
- create the directory that will contain the data
- have the group own the directory (`chgrp`)
- set the setgid-bit on the directory (`chmod`)
- files created in the directory will be group-owned by the right group (not necessarily primary group of the user)
- permissions of the new file can be set to `rw-rw-r--` by default, independent of the `0022` default umask for most client-side systems

This last point requires modification of the umask (`create mask` options) on the bricks while the creation of files/directories is done, or overriding the requested permissions when passed (`force create mode` options).

One of the use-cases where this would be useful is containers in OpenShift. An application in a container will get a random (in a defined range) `uid`/`gid`. However, if additional permissions for the application are needed, an additional `gid` can be passed.
This additional `gid` can give the application the ability to read/write data on a filesystem as long as the permissions on the filesystem allow this. Once the application creates files, the owner will be `random uid` / `random gid` and standard `rw-r--r--` permissions. Setting the `setgid` bit can prevent the `random gid` assignment; volume options can adjust the default permissions to `rw-rw-r--`.
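
As an added illustration (not part of the original message and not GlusterFS code), the following Python example creates a file under the `0022` client umask to show the resulting `rw-r--r--`, then models the `create mask` / `force create mode` arithmetic that `smb.conf` describes (AND with the mask, then OR with the forced bits). The function names are hypothetical, and applying the same arithmetic as a Gluster volume option is an assumption; the `chgrp`/setgid steps are not exercised because they need a second group.

```python
import os
import stat
import tempfile


def effective_mode(requested, umask, create_mask=0o7777, force_mode=0o0000):
    """Model of the permission pipeline (assumed for a volume-level option).

    1. the client-side umask clears bits from the requested mode
    2. a 'create mask' style option is ANDed in (can only remove bits)
    3. a 'force create mode' style option is ORed in (can only add bits)
    """
    after_umask = requested & ~umask
    return (after_umask & create_mask) | force_mode


def create_with_umask(directory, name, umask, requested=0o666):
    """Create a real file under the given process umask; return its mode bits."""
    old = os.umask(umask)
    try:
        fd = os.open(os.path.join(directory, name),
                     os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested)
    finally:
        os.umask(old)  # always restore the caller's umask
    try:
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def demo():
    """Return (mode observed on disk, mode the forced option would produce)."""
    with tempfile.TemporaryDirectory() as shared:  # constructed stand-in for the shared dir
        observed = create_with_umask(shared, "data.txt", 0o022)
    # Forcing rw-rw-r-- restores the group-write bit the umask removed.
    forced = effective_mode(0o666, 0o022, force_mode=0o664)
    return observed, forced


if __name__ == "__main__":
    observed, forced = demo()
    print("client umask 0022 gives:", stat.filemode(observed | stat.S_IFREG))
    print("with forced mode 0664:  ", stat.filemode(forced | stat.S_IFREG))
```

Because the forced bits are ORed in last, they apply regardless of what the client's umask removed, which is why a forced mode should be limited to the bits the group actually needs.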