Ceph » CephFS

Recently, we tried to manage the permission of files and directories in ceph with ACL.

Basically, we planed to set permission of some dirctories to 770 and midify some group ACL to those dirctories, so only the users in right group can access the files.
However, after appling the 770 and acl perimission, a lot of users reported that they did not have permssion to access the files, ever they in the right group.

We tried to figue it out. So, in host_1, we created a file in ceph with the path like: dir1/dir2/dir3/dir4/dir5/test.text, and set 771 to parent directories and 774 to file, and read this file from other hosts. Then we change the permission of dir dir3

1. we tried to read file from other hosts with other user, it's ok and the file could be accessed;
2. we ran chmod 770 to dir4, and it showed Permission Deniednon-zero return code, when we try to read the test.text
3. we modify the group ACL group:gid:1 to dir4, and it still show showed Permission Deniednon-zero return code, when we try to read the test.text;
4. we run ls dir3 in one host and try to read the file and we can see in the host which running the ls get the right permission, and ohter host still used the wrong permission;
5. Then run ls dir3 in all hosts and all hosts get right permission
6. Finally, remove the ACL permission, but all hosts still owned the permission to read the file