Project

General

Profile

Actions
Copy link

Feature #59388

open

mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gids

Added by Rishabh Dave about 1 year ago. Updated 10 months ago.

Status:
Pending Backport
Priority:
High
Assignee:
Rishabh Dave
Category:
Correctness/Safety
Target version:
Ceph - v19.0.0
% Done:

0%

Source:
Tags:
backport_processed
Backport:
reef,quincy,pacific
Reviewed:
Affected Versions:
Component(FS):
MDS
Labels (FS):
Pull request ID:
51317

Description

MDS capabilities can take 5 parameters: FS name, path, root squash, UID and GIDs. It's possible to have first 3 together in a MDS cap and also to have later 2 together in a MDS cap. But it's not possible to combine the two group fully or partially.

Following commands run successfully -

MONCAP="allow rw" 
OSDCAP="allow rw tag cephfs data=a" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=cephfs1" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=cephfs1 path=dir1/dir2" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw uid=1000" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw gids=1000,1001,1002" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw uid=1000 gids=1000,1001,1002"

But following commands don't run successfully -

ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=a uid=1000" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=a gids=1000,1001,1002" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=a uid=1000 gids=1000,1001,1002"

Same goes when path and/or root_squash (with or without fsname) is combined with UID and/or GIDs. Following error is printed in each of these cases Error EINVAL: mds capability parse failed.

This shouldn't be the case. It should be possible to combine in a cap UID and GID with FS name/FS path/root squash.

Related issues 3 (2 open1 closed)

Copied to CephFS - Backport #62026: reef: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gidsIn ProgressRishabh DaveActions
Copied to CephFS - Backport #62027: quincy: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gidsIn ProgressRishabh DaveActions
Copied to CephFS - Backport #62028: pacific: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gidsRejectedRishabh DaveActions
Actions
Copy link
 #1

Updated by Rishabh Dave about 1 year ago

  • Description updated (diff)
  • Status changed from New to In Progress
  • Assignee set to Rishabh Dave
  • Priority changed from Normal to High
Actions
Copy link
 #2

Updated by Rishabh Dave about 1 year ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by Rishabh Dave about 1 year ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Rishabh Dave about 1 year ago

  • Subject changed from "fsname", path, root_squash can't be in same cap with uid and/or gids to mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gids
Actions
Copy link
 #5

Updated by Venky Shankar about 1 year ago

  • Category set to Correctness/Safety
  • Target version set to v19.0.0
  • Backport set to reef,quincy,pacific
Actions
Copy link
 #6

Updated by Venky Shankar about 1 year ago

  • Component(FS) MDS added
Actions
Copy link
 #7

Updated by Rishabh Dave 12 months ago

We can have 5 elements in one MDS Cap -

1. fs name (string)
2. fs path (string)
3. root_squash (bool)
4. uid (int)
5. gids (list of ints)

Total 31 types of MDS caps are possible (5c5 + 5c4 + 5c3 + 5c2 + 5c1 = 31). Out of these, 11 MDS caps succeeded in parsing and 20 MDS caps failed to parsing.

Parsing failed for following MDS caps -

allow rw gids=1000,1001,1002            Error EINVAL: mds capability parse failed, stopped at 'gids=1000,1001,1002' of 'allow rw gids=1000,1001,1002'
allow rw fsname=a uid=1000              Error EINVAL: mds capability parse failed, stopped at 'uid=1000' of 'allow rw fsname=a uid=1000'
allow rw fsname=a gids=1000,1001,1002           Error EINVAL: mds capability parse failed, stopped at 'gids=1000,1001,1002' of 'allow rw fsname=a gids=1000,1001,1002'
allow rw path=/dir1 gids=1000,1001,1002         Error EINVAL: mds capability parse failed, stopped at 'gids=1000,1001,1002' of 'allow rw path=/dir1 gids=1000,1001,1002'
allow rw root_squash uid=1000           Error EINVAL: mds capability parse failed, stopped at 'uid=1000' of 'allow rw root_squash uid=1000'
allow rw root_squash gids=1000,1001,1002                Error EINVAL: mds capability parse failed, stopped at 'gids=1000,1001,1002' of 'allow rw root_squash gids=1000,1001,1002'
allow rw fsname=a path=/dir1 uid=1000           Error EINVAL: mds capability parse failed, stopped at 'uid=1000' of 'allow rw fsname=a path=/dir1 uid=1000'
allow rw fsname=a path=/dir1 gids=1000,1001,1002                Error EINVAL: mds capability parse failed, stopped at 'gids=1000,1001,1002' of 'allow rw fsname=a path=/dir1 gids=1000,1001,1002'
allow rw fsname=a root_squash uid=1000          Error EINVAL: mds capability parse failed, stopped at 'uid=1000' of 'allow rw fsname=a root_squash uid=1000'
allow rw fsname=a root_squash gids=1000,1001,1002               Error EINVAL: mds capability parse failed, stopped at 'gids=1000,1001,1002' of 'allow rw fsname=a root_squash gids=1000,1001,1002'
allow rw fsname=a uid=1000 gids=1000,1001,1002          Error EINVAL: mds capability parse failed, stopped at 'uid=1000 gids=1000,1001,1002' of 'allow rw fsname=a uid=1000 gids=1000,1001,1002'
allow rw path=/dir1 root_squash uid=1000                Error EINVAL: mds capability parse failed, stopped at 'uid=1000' of 'allow rw path=/dir1 root_squash uid=1000'
allow rw path=/dir1 root_squash gids=1000,1001,1002             Error EINVAL: mds capability parse failed, stopped at 'gids=1000,1001,1002' of 'allow rw path=/dir1 root_squash gids=1000,1001,1002'
allow rw root_squash uid=1000 gids=1000,1001,1002               Error EINVAL: mds capability parse failed, stopped at 'uid=1000 gids=1000,1001,1002' of 'allow rw root_squash uid=1000 gids=1000,1001,1002'
allow rw fsname=a path=/dir1 root_squash uid=1000               Error EINVAL: mds capability parse failed, stopped at 'uid=1000' of 'allow rw fsname=a path=/dir1 root_squash uid=1000'
allow rw fsname=a path=/dir1 root_squash gids=1000,1001,1002            Error EINVAL: mds capability parse failed, stopped at 'gids=1000,1001,1002' of 'allow rw fsname=a path=/dir1 root_squash gids=1000,1001,1002'
allow rw fsname=a path=/dir1 uid=1000 gids=1000,1001,1002               Error EINVAL: mds capability parse failed, stopped at 'uid=1000 gids=1000,1001,1002' of 'allow rw fsname=a path=/dir1 uid=1000 gids=1000,1001,1002'
allow rw fsname=a root_squash uid=1000 gids=1000,1001,1002              Error EINVAL: mds capability parse failed, stopped at 'uid=1000 gids=1000,1001,1002' of 'allow rw fsname=a root_squash uid=1000 gids=1000,1001,1002'
allow rw path=/dir1 root_squash uid=1000 gids=1000,1001,1002            Error EINVAL: mds capability parse failed, stopped at 'uid=1000 gids=1000,1001,1002' of 'allow rw path=/dir1 root_squash uid=1000 gids=1000,1001,1002'
allow rw fsname=a path=/dir1 root_squash uid=1000 gids=1000,1001,1002           Error EINVAL: mds capability parse failed, stopped at 'uid=1000 gids=1000,1001,1002' of 'allow rw fsname=a path=/dir1 root_squash uid=1000 gids=1000,1001,1002'

And following MDS caps were parsed successfully -

allow rw fsname=a
allow rw path=/dir1
allow rw root_squash
allow rw uid=1000
allow rw fsname=a path=/dir1
allow rw fsname=a root_squash
allow rw path=/dir1 root_squash
allow rw path=/dir1 uid=1000
allow rw uid=1000 gids=1000,1001,1002
allow rw fsname=a path=/dir1 root_squash
allow rw path=/dir1 uid=1000 gids=1000,1001,1002

Actions
Copy link
 #8

Updated by Rishabh Dave 12 months ago

  • Pull request ID set to 51317
Actions
Copy link
 #9

Updated by Rishabh Dave 12 months ago

  • Status changed from In Progress to Fix Under Review
Actions
Copy link
 #10

Updated by Rishabh Dave 12 months ago

The PR's makes all 31 types of MDS cap parse successfully.

Actions
Copy link
 #11

Updated by Rishabh Dave 10 months ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link
 #12

Updated by Rishabh Dave 10 months ago

  • Status changed from Resolved to Pending Backport
Actions
Copy link
 #13

Updated by Backport Bot 10 months ago

  • Copied to Backport #62026: reef: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gids added
Actions
Copy link
 #14

Updated by Backport Bot 10 months ago

  • Copied to Backport #62027: quincy: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gids added
Actions
Copy link
 #15

Updated by Backport Bot 10 months ago

  • Copied to Backport #62028: pacific: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gids added
Actions
Copy link
 #16

Updated by Backport Bot 10 months ago

  • Tags set to backport_processed
Actions
Copy link

Also available in: Atom PDF