On Thu, Aug 17, 2017 at 5:16 PM, Shyam Ranganathan <srang...@redhat.com> wrote:
> On 08/17/2017 07:36 AM, Amar Tumballi wrote:
>
>> On Thu, Aug 17, 2017 at 1:21 PM, Raghavendra Talur <rta...@redhat.com> wrote:
>>
>>     On Wed, Aug 16, 2017 at 5:52 PM, Ilan Schwarts <ila...@gmail.com> wrote:
>>     > Hi,
>>     > So this is a bit odd case.
>>     > I have created 2 server nodes (running CentOS 7.3)
>>     > From Client machine (CentOS 7.2) I mount to one of the nodes (nfs) using:
>>     > [root@CentOS7286-64 mnt]# mount -t nfs L137B-GlusterFS-Node1.L137B-root.com:/volume1 /mnt/glustervianfs/
>>     >
>>     > When I created (touch) a file over the NFS:
>>     > From Client Machine:
>>     > [revivo@CentOS7286-64 glustervianfs]$ touch nfs3file
>>     > [revivo@CentOS7286-64 glustervianfs]$ id revivo
>>     > uid=2021(revivo) gid=2020(maccabi) groups=2020(maccabi),10(wheel)
>>     >
>>     > On Server machine:
>>     > I monitor the file operations at VFS kernel level.
>>     > I receive 1 event of file create, and 2 events of set attribute changes.
>>     > What I see is that root creates the file (uid/gid of 0)
>>     > And then root (also) uses chown and chgrp to set security (attribute)
>>     > of the new file.
>>     >
>>     > When I go to the gluster volume itself and ls -la, I do see the
>>     > *correct* (2021 - revivo /2020 - revivo) uid/gid:
>>     > [root@L137B-GlusterFS-Node1 volume1]# ls -lia
>>     > total 24
>>     > 11 drwxrwxrwx. 3 revivo maccabi 4096 Aug 10 12:13 .
>>     > 2 drwxr-xr-x. 3 root root 4096 Aug 9 14:32 ..
>>     > 12 drw-------. 16 root root 4096 Aug 10 12:13 .glusterfs
>>     > 31 -rw-r--r--. 2 revivo maccabi 0 Aug 10 12:13 nfs3file
>>     >
>>     > Why on the VFS layer I get uid/gid - 0/0
>>
>>     As you have pointed out above, the file is created with 0:0
>>     owner:group but subsequent operations change owner and group using
>>     chown and chgrp. This is because the glusterfsd (brick daemon) process
>>     always runs as root. I don't know the exact reason why setfsuid and
>>     setfsgid are not used although the code exists.
>>
>>     Amar/Pranith/Raghavendra/Vijay,
>>
>>     Do you know why HAVE_SET_FSID is undefined in line
>>     https://github.com/gluster/glusterfs/blob/master/xlators/storage/posix/src/posix.c#L65
>>
>> It's been ~10 years since it was disabled in the codebase, and I don't recollect
>> why completely right now.
>>
>> By checking the patch [1] which got this change, I couldn't make out
>> much: Probably something to do with Solaris support IMO.
>>
>> [1] - https://github.com/gluster/historic/commit/3176ddf99f701412bd799cc730afd598c2a13e39
>>
>> May be time to run a test by removing that line as we are friendly with
>> only Linux/BSD right now.
>
> From memory (so take it with a pinch of salt), setting internal xattrs and
> the like needed root permissions, and not UID/GID permissions, this was
> when parts of DHT xattr setting was fixed and this code path analyzed
> (about less than a year back).
>
> So when testing it out this possibly needs some consideration. @Nithya do
> you have a better context to provide?

These scenarios are explicitly handled by setting uid/gid to 0 while doing
these operations (like linkto file creation etc.). Even if we run into bugs
after removing this, explicit setting of credentials should be preferred.

>> Regards,
>> Amar
>>
>>     Thanks,
>>     Raghavendra Talur
>>
>> --
>> Amar Tumballi (amarts)
>>
>> _______________________________________________
>> Gluster-devel mailing list
>> Gluster-devel@gluster.org
>> http://lists.gluster.org/mailman/listinfo/gluster-devel

-- 
Raghavendra G
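
Added example (not part of the thread and not GlusterFS code): a Linux-only C sketch contrasting the two creation paths discussed above, create-as-daemon followed by fchown() versus switching fsuid/fsgid around the create, and recording the owner the inode has at the moment it is created. The function names, the /tmp paths and the fallback to the caller's own ids when not running as root are assumptions made for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern seen in the thread: create with the daemon's own credentials, then
 * fchown(). at_create holds the owner that is visible until fchown() lands. */
int create_then_chown(const char *path, uid_t uid, gid_t gid,
                      struct stat *at_create, struct stat *final)
{
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0644);
    if (fd < 0) return -1;
    int rc = fstat(fd, at_create);
    if (rc == 0) rc = fchown(fd, uid, gid);
    if (rc == 0) rc = fstat(fd, final);
    close(fd);
    return rc;
}

/* Alternative: switch the thread's fsuid/fsgid for the create only. These calls
 * report no errors; passing -1 changes nothing and returns the current id. */
int create_as_fsid(const char *path, uid_t uid, gid_t gid, struct stat *at_create)
{
    gid_t old_gid = (gid_t)setfsgid(gid);
    uid_t old_uid = (uid_t)setfsuid(uid);
    int fd = -1;
    if ((uid_t)setfsuid((uid_t)-1) == uid && (gid_t)setfsgid((gid_t)-1) == gid)
        fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0644);
    setfsuid(old_uid); setfsgid(old_gid);  /* always restore daemon identity */
    if (fd < 0) return -1;
    int rc = fstat(fd, at_create);
    close(fd);
    return rc;
}

int main(void)
{
    /* Constructed target: 2021:2020 as in the thread when root, else own ids. */
    uid_t uid = geteuid() == 0 ? 2021 : geteuid();
    gid_t gid = geteuid() == 0 ? 2020 : getegid();
    const char *p1 = "/tmp/fsid_demo_chown", *p2 = "/tmp/fsid_demo_fsid";
    struct stat a, f, b;
    if (create_then_chown(p1, uid, gid, &a, &f) == 0)
        printf("create+chown: born %u:%u, final %u:%u\n", (unsigned)a.st_uid,
               (unsigned)a.st_gid, (unsigned)f.st_uid, (unsigned)f.st_gid);
    if (create_as_fsid(p2, uid, gid, &b) == 0)
        printf("fsuid/fsgid:  born %u:%u\n", (unsigned)b.st_uid, (unsigned)b.st_gid);
    unlink(p1); unlink(p2);
    return 0;
}
```

Run as root, the first path reports an inode born as 0:0 and changed afterwards, which matches the one create plus two setattr events observed at the VFS layer; the second reports the target owner from creation onwards.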