Project

General

Profile

Bug #3597

ceph-fuse: denying root access

Added by Sam Lang almost 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
% Done:

0%

Source:
Development
Tags:
Backport:
Regression:
No
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
Crash signature:

Description

lxo: ceph-fuse also recently started denying root access to files that shouldn't be readable except for root superpowers. not sure whether that started with 0.55 or a fuse update though

History

#1 Updated by Greg Farnum almost 8 years ago

"denying root access"? You mean root can't read the files, but other people can? Or nobody can?

Either way this is really unlikely to be a Ceph thing, but I can't even imagine how FUSE proper would deny anything to root. :/

#2 Updated by Sam Lang almost 8 years ago

  • Status changed from New to Can't reproduce

I don't see this behavior with fuse 2.9.0 and latest ceph. Does it happen only on some files? What are the permissions/ownership of those files?

#3 Updated by Graham Hemingway almost 8 years ago

I believe that we can reproduce this error. We are running Ubuntu 12.04 LTS Server on both the client and on the Ceph servers fully updated via apt-get. The client is an VM running in a Folsom OS cloud. The client user is the default Ubuntu user with sudo privileges. To reproduce we do the following:

1. Add ubuntu user to fuse group
sudo addgroup ubuntu fuse

2. Install latest Ceph-fuse client from testing
wget -q -O
https://raw.github.com/ceph/ceph/master/keys/release.asc | sudo apt-key add -
echo deb http://ceph.com/debian-testing/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
sudo apt-get update && sudo apt-get install -y ceph-fuse

3. Create ceph config directory
sudo mkdir -p /etc/ceph

4. Create ceph.keyring with auth key
sudo nano /etc/ceph/ceph.keyring
> [client.admin]
> key = AQAKgt.....

5. Make a local directory for mounting
mkdir ~/data

6. Mount ceph
ceph-fuse -m 10.2.204.241:6789 ./data

7. Put some data in a file on ceph
echo "test" > ~/data/test_access.txt

8. See, it's there
ls l ~/data/test_access.txt
-rw-rw-r-
1 ubuntu ubuntu 5 Jan 3 10:00 /home/ubuntu/data/test_access.txt

9. Change the ownership so not everyone can read it
chmod o-r /data/test_access.txt

10. See if sudo can read it now
sudo more ~/data/test_access.txt
/home/ubuntu/data/test_access.txt: Permission denied

I believe that sudo should allow access to this file.

#4 Updated by Greg Farnum almost 8 years ago

Is root actually a member of the fuse group? If not that would be correct behavior.

#5 Updated by Greg Farnum over 7 years ago

  • Status changed from Can't reproduce to Resolved

Oh, this was a bug that got fixed in commit:d87035c0c4ff, included in v0.60.

Also available in: Atom PDF