On 08/17/2017 07:36 AM, Amar Tumballi wrote:
On Thu, Aug 17, 2017 at 1:21 PM, Raghavendra Talur <rtalur@xxxxxxxxxx> wrote:
On Wed, Aug 16, 2017 at 5:52 PM, Ilan Schwarts <ilan84@xxxxxxxxx> wrote:
> Hi,
> So this is a bit odd case.
> I have created 2 servers nodes (running CentOS 7.3)
> From Client machine (CentOS 7.2) I mount to one of the nodes (nfs) using:
> [root@CentOS7286-64 mnt]# mount -t nfs
> L137B-GlusterFS-Node1.L137B-root.com:/volume1 /mnt/glustervianfs/
>
> When I created (touch) a file over the NFS:
> From Client Machine:
> [revivo@CentOS7286-64 glustervianfs]$ touch nfs3file
> [revivo@CentOS7286-64 glustervianfs]$ id revivo
> uid=2021(revivo) gid=2020(maccabi) groups=2020(maccabi),10(wheel)
>
> On Server machine:
> I monitor the file operations at VFS kernel level.
> I receive 1 event of file create, and 2 events of set attribute changes.
> What I see is that root creates the file (uid/gid of 0)
> And then root (also) uses chown and chgrp to set security (attribute)
> of the new file.
>
> When I go to the gluster volume itself and ls -la, I do see the
> *correct* (2021 - revivo /2020 - revivo) uid/gid:
> [root@L137B-GlusterFS-Node1 volume1]# ls -lia
> total 24
> 11 drwxrwxrwx. 3 revivo maccabi 4096 Aug 10 12:13 .
> 2 drwxr-xr-x. 3 root root 4096 Aug 9 14:32 ..
> 12 drw-------. 16 root root 4096 Aug 10 12:13 .glusterfs
> 31 -rw-r--r--. 2 revivo maccabi 0 Aug 10 12:13 nfs3file
>
> Why on the VFS layer do I get uid/gid - 0/0?
As you have pointed out above, the file is created with 0:0
owner:group but subsequent operations change owner and group using
chown and chgrp. This is because the glusterfsd (brick daemon) process
always runs as root. I don't know the exact reason why setfsuid and
setfsgid are not used although the code exists.
Amar/Pranith/Raghavendra/Vijay,
Do you know why HAVE_SET_FSID is undefined in line
https://github.com/gluster/glusterfs/blob/master/xlators/storage/posix/src/posix.c#L65 ?
It's been ~10 years since it was disabled in the codebase, and I don't
completely recollect why right now.
By checking the patch [1] which got this change, I couldn't make out
much: Probably something to do with Solaris support IMO.
[1] -
https://github.com/gluster/historic/commit/3176ddf99f701412bd799cc730afd598c2a13e39
May be time to run a test by removing that line as we are friendly with
only Linux/BSD right now.
From memory (so take it with a pinch of salt), setting internal xattrs
and the like needed root permissions, and not UID/GID permissions, this
was when parts of DHT xattr setting were fixed and this code path
analyzed (about less than a year back).
So when testing it out this possibly needs some consideration. @Nithya
do you have a better context to provide?
Regards,
Amar
Thanks,
Raghavendra Talur
--
Amar Tumballi (amarts)
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-devel
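
The two ownership strategies discussed in this thread, side by side, as an added example that is not GlusterFS code and not written by any of the posters. The function names `create_then_chown` and `create_with_fsid` and the `/tmp/fsid_demo` path are hypothetical; `setfsuid`/`setfsgid` are Linux-specific.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/fsuid.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern seen in the thread: create as the daemon's own identity (0:0 for a
 * root daemon), then fchown(). A VFS monitor records a create plus setattr. */
int create_then_chown(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, mode);
    if (fd >= 0 && fchown(fd, uid, gid) < 0) {
        int err = errno;
        close(fd);
        unlink(path);          /* do not leave a daemon-owned file behind */
        errno = err;
        return -1;
    }
    return fd;
}

/* Alternative: switch fsuid/fsgid around the create so the inode is born with
 * the requested owner. The calls report no errors, so read the ids back (-1). */
int create_with_fsid(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    gid_t old_gid = (gid_t)setfsgid((gid_t)-1);   /* -1 only queries */
    uid_t old_uid = (uid_t)setfsuid((uid_t)-1);
    int fd = -1, err = EPERM;
    setfsgid(gid);
    setfsuid(uid);
    if ((gid_t)setfsgid((gid_t)-1) == gid && (uid_t)setfsuid((uid_t)-1) == uid) {
        fd = open(path, O_CREAT | O_EXCL | O_WRONLY, mode);
        err = errno;
    }
    setfsuid(old_uid);         /* restore the caller's own ids */
    setfsgid(old_gid);
    if (fd < 0)
        errno = err;
    return fd;
}

int main(void)
{
    const char *p = "/tmp/fsid_demo";   /* constructed path */
    unlink(p);
    int fd = create_with_fsid(p, geteuid(), getegid(), 0644);
    unlink(p);
    return fd >= 0 ? 0 : 1;
}
```

Run as root with a non-root uid/gid, the first function produces the create-as-0:0 followed by setattr sequence reported at the VFS layer, while the second produces a single create with the target owner. Per the recollection in the last reply, operations that need root (such as internal xattrs) would have to stay outside the switched window.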