Bug #3597
ceph-fuse: denying root access
0%
Description
lxo: ceph-fuse also recently started denying root access to files that shouldn't be readable except for root superpowers. not sure whether that started with 0.55 or a fuse update though
History
#1 Updated by Greg Farnum about 8 years ago
"denying root access"? You mean root can't read the files, but other people can? Or nobody can?
Either way this is really unlikely to be a Ceph thing, but I can't even imagine how FUSE proper would deny anything to root. :/
#2 Updated by Sam Lang about 8 years ago
- Status changed from New to Can't reproduce
I don't see this behavior with fuse 2.9.0 and latest ceph. Does it happen only on some files? What are the permissions/ownership of those files?
#3 Updated by Graham Hemingway about 8 years ago
I believe that we can reproduce this error. We are running Ubuntu 12.04 LTS Server on both the client and on the Ceph servers fully updated via apt-get. The client is an VM running in a Folsom OS cloud. The client user is the default Ubuntu user with sudo privileges. To reproduce we do the following:
1. Add ubuntu user to fuse group
sudo addgroup ubuntu fuse
2. Install latest Ceph-fuse client from testing https://raw.github.com/ceph/ceph/master/keys/release.asc | sudo apt-key add -
wget -q -O
echo deb http://ceph.com/debian-testing/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
sudo apt-get update && sudo apt-get install -y ceph-fuse
3. Create ceph config directory
sudo mkdir -p /etc/ceph
4. Create ceph.keyring with auth key
sudo nano /etc/ceph/ceph.keyring
> [client.admin]
> key = AQAKgt.....
5. Make a local directory for mounting
mkdir ~/data
6. Mount ceph
ceph-fuse -m 10.2.204.241:6789 ./data
7. Put some data in a file on ceph
echo "test" > ~/data/test_access.txt
8. See, it's there
ls l ~/data/test_access.txt 1 ubuntu ubuntu 5 Jan 3 10:00 /home/ubuntu/data/test_access.txt
-rw-rw-r-
9. Change the ownership so not everyone can read it
chmod o-r /data/test_access.txt
10. See if sudo can read it now
sudo more ~/data/test_access.txt
/home/ubuntu/data/test_access.txt: Permission denied
I believe that sudo should allow access to this file.
#4 Updated by Greg Farnum about 8 years ago
Is root actually a member of the fuse group? If not that would be correct behavior.
#5 Updated by Greg Farnum almost 8 years ago
- Status changed from Can't reproduce to Resolved
Oh, this was a bug that got fixed in commit:d87035c0c4ff, included in v0.60.