Actions
Bug #50108
openaccess to a file with the wrong permission when changing the parent directory's ACL permission
Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
ceph-qa-suite:
fs
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Recently, we tried to manage the permission of files and directories in ceph with ACL.
Basically, we planed to set permission of some dirctories to 770 and midify some group ACL to those dirctories, so only the users in right group can access the files.
However, after appling the 770 and acl perimission, a lot of users reported that they did not have permssion to access the files, ever they in the right group.
We tried to figue it out. So, in host_1, we created a file in ceph with the path like: dir1/dir2/dir3/dir4/dir5/test.text
, and set 771 to parent directories and 774 to file, and read this file from other hosts. Then we change the permission of dir dir3
- we tried to read file from other hosts with other user, it's ok and the file could be accessed;
- we ran chmod 770 to
dir4
, and it showedPermission Deniednon-zero return code
, when we try to read thetest.text
- we modify the group ACL
group:gid:1
todir4
, and it still show showedPermission Deniednon-zero return code
, when we try to read thetest.text
; - we run
ls dir3
in one host and try to read the file and we can see in the host which running the ls get the right permission, and ohter host still used the wrong permission; - Then run
ls dir3
in all hosts and all hosts get right permission - Finally, remove the ACL permission, but all hosts still owned the permission to read the file
Files
Updated by Loïc Dachary about 3 years ago
- Target version changed from v14.2.20 to v14.2.21
Updated by Greg Farnum almost 3 years ago
- Project changed from Ceph to CephFS
- Category deleted (
cephx)
Actions