Project

General

Profile

Bug #3597

ceph-fuse: denying root access

Added by Sam Lang over 11 years ago. Updated almost 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
% Done:

0%

Source:
Development
Tags:
Backport:
Regression:
No
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

lxo: ceph-fuse also recently started denying root access to files that shouldn't be readable except for root superpowers. not sure whether that started with 0.55 or a fuse update though

History

#1 Updated by Greg Farnum over 11 years ago

"denying root access"? You mean root can't read the files, but other people can? Or nobody can?

Either way this is really unlikely to be a Ceph thing, but I can't even imagine how FUSE proper would deny anything to root. :/

#2 Updated by Sam Lang over 11 years ago

  • Status changed from New to Can't reproduce

I don't see this behavior with fuse 2.9.0 and latest ceph. Does it happen only on some files? What are the permissions/ownership of those files?

#3 Updated by Graham Hemingway about 11 years ago

I believe that we can reproduce this error. We are running Ubuntu 12.04 LTS Server on both the client and on the Ceph servers fully updated via apt-get. The client is an VM running in a Folsom OS cloud. The client user is the default Ubuntu user with sudo privileges. To reproduce we do the following:

1. Add ubuntu user to fuse group
sudo addgroup ubuntu fuse

2. Install latest Ceph-fuse client from testing
wget -q -O
https://raw.github.com/ceph/ceph/master/keys/release.asc | sudo apt-key add -
echo deb http://ceph.com/debian-testing/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
sudo apt-get update && sudo apt-get install -y ceph-fuse

3. Create ceph config directory
sudo mkdir -p /etc/ceph

4. Create ceph.keyring with auth key
sudo nano /etc/ceph/ceph.keyring
> [client.admin]
> key = AQAKgt.....

5. Make a local directory for mounting
mkdir ~/data

6. Mount ceph
ceph-fuse -m 10.2.204.241:6789 ./data

7. Put some data in a file on ceph
echo "test" > ~/data/test_access.txt

8. See, it's there
ls l ~/data/test_access.txt
-rw-rw-r-
1 ubuntu ubuntu 5 Jan 3 10:00 /home/ubuntu/data/test_access.txt

9. Change the ownership so not everyone can read it
chmod o-r /data/test_access.txt

10. See if sudo can read it now
sudo more ~/data/test_access.txt
/home/ubuntu/data/test_access.txt: Permission denied

I believe that sudo should allow access to this file.

#4 Updated by Greg Farnum about 11 years ago

Is root actually a member of the fuse group? If not that would be correct behavior.

#5 Updated by Greg Farnum almost 11 years ago

  • Status changed from Can't reproduce to Resolved

Oh, this was a bug that got fixed in commit:d87035c0c4ff, included in v0.60.

Also available in: Atom PDF