Actions
Bug #57084
closedPermissions of the .snap directory do not inherit ACLs
Status:
Resolved
Priority:
Normal
Assignee:
Category:
Administration/Usability
Target version:
% Done:
100%
Source:
Tags:
backport_processed
Backport:
pacific,quincy
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
MDS
Labels (FS):
snapshots
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
when using CephFS with POSIX ACLs I noticed that the .snap directory does not inherit the ACLs from its parent but only the standard UNIX permissions.
This results in a permission denied error when users want to access snapshots in that directory because they are not the owner or in the group. They do have access to the directory via a group that is listed in the POSIX ACLs.
To reproduce:
mounted CephFS on /mnt/cephfs
# mkdir /mnt/cephfs/test # chmod 0750 /mnt/cephfs/test # ls -ld /mnt/cephfs/test drwxr-x--- 2 root root 0 Aug 10 09:31 /mnt/cephfs/test/ # setfacl -m g:users:rwx /mnt/cephfs/test # getfacl /mnt/cephfs/test getfacl: Removing leading '/' from absolute path names # file: mnt/cephfs/test # owner: root # group: root user::rwx group::r-x group:users:rwx mask::rwx other::--- # mkdir /mnt/cephfs/test/.snap/snap01 # ls -la /mnt/cephfs/test/.snap total 0 drwxrwx--- 2 root root 0 Aug 10 09:31 ./ drwxrwx---+ 2 root root 0 Aug 10 09:31 ../ drwxrwx---+ 2 root root 0 Aug 10 09:31 snap01/ # getfacl /mnt/cephfs/test/.snap getfacl: Removing leading '/' from absolute path names # file: mnt/cephfs/test/.snap # owner: root # group: root user::rwx group::rwx other::--- # getfacl /mnt/cephfs/test/.snap/snap01 getfacl: Removing leading '/' from absolute path names # file: mnt/cephfs/test/.snap/snap01 # owner: root # group: root user::rwx group::r-x group:users:rwx mask::rwx other::---
Result: Members of the group "users" do not have access to the snapshots because the .snap directory does not carry the ACLs.
Should be: Members of the group "users" have access to the snapshots.
Actions