On Fri, Sep 23, 2016 at 12:30 PM, Soumya Koduri <skod...@redhat.com> wrote:
> > > On 09/23/2016 08:28 AM, Pranith Kumar Karampuri wrote: > >> hi, >> Jiffin found an interesting problem in posix xlator where we have >> never been using setfsuid/gid (http://review.gluster.org/#/c/15545/), >> what I am seeing regressions after this is, if the files are created >> using non-root user then the file creation fails because that user >> doesn't have permissions to create the gfid-link. So it seems like the >> correct way forward for this patch is to write wrappers around >> sys_<syscall> to do setfsuid/gid do the actual operation requested and >> then set it back to old uid/gid and then do the internal operations. I >> am planning to write posix_sys_<syscall>() to do the same, may be a >> macro?. >> > > Why not otherwise around? As in can we switch to superuser when required > so that we know what all internal operations need root access and avoid > misusing it. > The thread should have the uid/gid of the frame->root->uid/gid only at the time of executing the syscall of open/mkdir/creat in posix xlator etc, rest of the time it shouldn't. So doing it this way. > > Thanks, > Soumya > > I need inputs from you guys to let me know if I am on the right path >> and if you see any issues with this approach. >> >> -- >> Pranith >> >> >> _______________________________________________ >> Gluster-devel mailing list >> Gluster-devel@gluster.org >> http://www.gluster.org/mailman/listinfo/gluster-devel >> >> -- Pranith
_______________________________________________ Gluster-devel mailing list Gluster-devel@gluster.org http://www.gluster.org/mailman/listinfo/gluster-devel
