Project

General

Profile

Bug #10960

Permission/Access errors when using the ceph_vfs from SAMBA (4.x)

Added by Dennis Kramer over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
02/26/2015
Due date:
% Done:

0%

Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:

Description

Tried both stable as the dev version of SAMBA (4.1.17 & 4.2.0-RC5).
Tested with a Windows 7 & 2008 client.

When I'm using the ceph_vfs module in SAMBA I often get ACCESS/PERMISSION errors on the share. Mostly this happens on the ROOT of the share, but i'm not sure if that is any indication. When I disable the module and use the kernel cephfs export, everything is working fine.

Sometimes I can get it to work (e.g. file copy to the share without errors) if I refresh the explorer window (F5) in Windows inside the share. If I go inside the subdirs of the share (with exactly the same ACLs as the root), I don't get these errors. If I switch between the subdirs and the root a couple of times, it also works sometimes.

There is no change in behavior if I chmod everything to 777 on the share.

patch View (1.62 KB) Zheng Yan, 02/27/2015 12:05 PM

History

#1 Updated by Greg Farnum over 4 years ago

  • Assignee set to Zheng Yan

The root directory is special in various ways (although generally less as time goes on) so it wouldn't surprise me too much of the Samba VFS implementation was either failing to account for that or applying limits to functionality that no longer apply.

#2 Updated by Zheng Yan over 4 years ago

  • File patch View added
  • Status changed from New to Verified

The root cause is that our vfs module has no ACL related callbacks, so samba uses its default ACL callbacks. samba's default ACL callbacks are for local filesystem. In most cases, samba's default ACL callbacks will find corresponding file does not exist. But for root of the share (whose path is "."), samba's default ACL callbacks will operate on samba daemon's working directory.

you can use the attached patch as workaround.

#3 Updated by Dennis Kramer over 4 years ago

Excellent, thank you!
It seems to be working fine now. I'll do some more testing.

#4 Updated by Zheng Yan over 4 years ago

  • Status changed from Verified to Resolved

upstreamed by commit 8a1931413210db79fd671535ec4ba289dee7f710

Also available in: Atom PDF