Project

General

Profile

Bug #50108

access to a file with the wrong permission when changing the parent directory's ACL permission

Added by cao yi 20 days ago. Updated about 8 hours ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
cephx
Target version:
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
fs
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Recently, we tried to manage the permission of files and directories in ceph with ACL.

Basically, we planed to set permission of some dirctories to 770 and midify some group ACL to those dirctories, so only the users in right group can access the files.
However, after appling the 770 and acl perimission, a lot of users reported that they did not have permssion to access the files, ever they in the right group.

We tried to figue it out. So, in host_1, we created a file in ceph with the path like: dir1/dir2/dir3/dir4/dir5/test.text, and set 771 to parent directories and 774 to file, and read this file from other hosts. Then we change the permission of dir dir3

  1. we tried to read file from other hosts with other user, it's ok and the file could be accessed;
  2. we ran chmod 770 to dir4, and it showed Permission Deniednon-zero return code, when we try to read the test.text
  3. we modify the group ACL group:gid:1 to dir4, and it still show showed Permission Deniednon-zero return code, when we try to read the test.text;
  4. we run ls dir3 in one host and try to read the file and we can see in the host which running the ls get the right permission, and ohter host still used the wrong permission;
  5. Then run ls dir3 in all hosts and all hosts get right permission
  6. Finally, remove the ACL permission, but all hosts still owned the permission to read the file

微信图片_20210402111500.png View - all host use the wrong permission (95.1 KB) cao yi, 04/02/2021 03:15 AM

28.png View - only the host which had ran ls own the right permission (234 KB) cao yi, 04/02/2021 03:34 AM

48.png View - file unable to be read, after parent directory had be modified ACL (190 KB) cao yi, 04/02/2021 03:56 AM

History

#1 Updated by cao yi 20 days ago

#2 Updated by Loïc Dachary about 8 hours ago

  • Target version changed from v14.2.20 to v14.2.21

Also available in: Atom PDF