Ceph » CephFS

when using CephFS with POSIX ACLs I noticed that the .snap directory does not inherit the ACLs from its parent but only the standard UNIX permissions.

This results in a permission denied error when users want to access snapshots in that directory because they are not the owner or in the group. They do have access to the directory via a group that is listed in the POSIX ACLs.

To reproduce:

mounted CephFS on /mnt/cephfs

# mkdir /mnt/cephfs/test

# chmod 0750 /mnt/cephfs/test

# ls -ld /mnt/cephfs/test
drwxr-x--- 2 root root 0 Aug 10 09:31 /mnt/cephfs/test/

# setfacl -m g:users:rwx /mnt/cephfs/test

# getfacl /mnt/cephfs/test
getfacl: Removing leading '/' from absolute path names
# file: mnt/cephfs/test
# owner: root
# group: root
user::rwx
group::r-x
group:users:rwx
mask::rwx
other::---

# mkdir /mnt/cephfs/test/.snap/snap01

# ls -la /mnt/cephfs/test/.snap
total 0
drwxrwx---  2 root root 0 Aug 10 09:31 ./
drwxrwx---+ 2 root root 0 Aug 10 09:31 ../
drwxrwx---+ 2 root root 0 Aug 10 09:31 snap01/

# getfacl /mnt/cephfs/test/.snap
getfacl: Removing leading '/' from absolute path names
# file: mnt/cephfs/test/.snap
# owner: root
# group: root
user::rwx
group::rwx
other::---

# getfacl /mnt/cephfs/test/.snap/snap01
getfacl: Removing leading '/' from absolute path names
# file: mnt/cephfs/test/.snap/snap01
# owner: root
# group: root
user::rwx
group::r-x
group:users:rwx
mask::rwx
other::---

Result: Members of the group "users" do not have access to the snapshots because the .snap directory does not carry the ACLs.

Should be: Members of the group "users" have access to the snapshots.