Bug #23509
closedceph-fuse: broken directory permission checking
0%
Description
Description of problem:
We have encountered cephfs-fuse mounted directory different behavior than base Linux or kernel driver mounted directories have regarding to the "cd" command against directory with "rw-rw-rw-" permissions:
$ id quicklab
uid=1000(quicklab) gid=1000(quicklab) groups=1000(quicklab),4(adm)
- cat /proc/mounts
...
/dev/rbd0 /mnt/ceph-test1 ext4 rw,seclabel,relatime,stripe=1024,data=ordered 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
ceph-fuse /mnt/ceph-test2 fuse.ceph-fuse rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
10.74.157.1:6789,10.74.157.55:6789,10.74.156.172:6789:/ /mnt/ceph-test3 ceph rw,relatime,name=admin,secret=<hidden>,acl 0 0
[quicklab@mgmt-0 ~]$ df | grep ceph
/dev/rbd0 50264616 5955968 41732264 13% /mnt/ceph-test1
ceph-fuse 111099904 4788224 106311680 5% /mnt/ceph-test2
10.74.157.1:6789,10.74.157.55:6789,10.74.156.172:6789:/ 377286656 33939456 343347200 9% /mnt/ceph-test3
Linux base directory behavior:
- in regular Linux you cannot access the directory, as you can with cephfs Fuse:
but still can list:
[quicklab@mons-0 ~]$ ll /tmp/
total 0
drwxrw-rw-. 2 root root 17 Mar 20 10:44 test
[quicklab@mons-0 tmp]$ cd test/bash: cd: test/: Permission denied????? ? ? ? ? ? aaa
[quicklab@mons-0 ~]$ ll /tmp/test/
ls: cannot access /tmp/test/aaa: Permission denied
total 0
-----------------------
cephfs with kernel driver:
[root@mgmt-0 ~]# ll /mnt/ceph-test3
total 3704832rw-r--r- 1 root root 3793747968 Mar 21 07:58 rhel-server-7.3-x86_64-dvd.iso
drwxrw-rw- 1 root root 1 Feb 15 07:19 test
drwxr-xr-x 1 root root 21 Mar 21 08:06 var
[root@mgmt-0 ~]# cat /mnt/ceph-test3/test/foo
bar
barbar
bar
[root@mgmt-0 ~]# logout
[quicklab@mgmt-0 ~]$ cat /mnt/ceph-test3/test/foo
cat: /mnt/ceph-test3/test/foo: Permission denied
[quicklab@mgmt-0 ~]$ ll /mnt/ceph-test3/test/
ls: cannot access /mnt/ceph-test3/test/foo: Permission denied
total 0????? ? ? ? ? ? foo
[quicklab@mgmt-0 ~]$ cd /mnt/ceph-test3/test/
-bash: cd: /mnt/ceph-test3/test/: Permission denied
----------------------
cephfs_fuse behavior:
[quicklab@mgmt-0 ~]$ ll /mnt/ceph-test2/
total 3704833rw-r--r-. 1 root root 3793747968 Mar 21 07:58 rhel-server-7.3-x86_64-dvd.iso
drwxrw-rw-. 1 root root 15 Feb 15 07:19 test
drwxr-xr-x. 1 root root 1107205021 Mar 21 08:06 var
[quicklab@mgmt-0 ~]$ ll /mnt/ceph-test2/test/
ls: cannot access /mnt/ceph-test2/test/foo: Permission denied
total 0
-????? ? ? ? ? ? foo
-- allow you to get in ---
[quicklab@mgmt-0 ~]$ cd /mnt/ceph-test2/test/ <----------------------
[quicklab@mgmt-0 test]$ ll
ls: cannot access foo: Permission denied
total 0
-????? ? ? ? ? ? foo
[quicklab@mgmt-0 test]$ touch file
touch: cannot touch ‘file’: Permission denied
Is this behavior expected?
Version-Release number of selected component (if applicable):
ceph-fuse-12.2.1-40.el7cp.x86_64
How reproducible:
always
Steps to Reproduce:
1. mount cephfs-fuse directory
2. chmod 666 /mounted/directory
3. cd /mounted/directory