Bug #57084
Updated by Ramana Raja over 1 year ago
when using CephFS with POSIX ACLs I noticed that the .snap directory does not inherit the ACLs from its parent but only the standard UNIX permissions. This results in a permission denied error when users want to access snapshots in that directory because they are not the owner or in the group. They do have access to the directory via a group that is listed in the POSIX ACLs. To reproduce: mounted CephFS on /mnt/cephfs <pre> # mkdir /mnt/cephfs/test # chmod 0750 /mnt/cephfs/test # ls -ld /mnt/cephfs/test drwxr-x--- 2 root root 0 Aug 10 09:31 /mnt/cephfs/test/ # setfacl -m g:users:rwx /mnt/cephfs/test # getfacl /mnt/cephfs/test getfacl: Removing leading '/' from absolute path names # file: mnt/cephfs/test # owner: root # group: root user::rwx group::r-x group:users:rwx mask::rwx other::--- # mkdir /mnt/cephfs/test/.snap/snap01 # ls -la /mnt/cephfs/test/.snap total 0 drwxrwx--- 2 root root 0 Aug 10 09:31 ./ drwxrwx---+ 2 root root 0 Aug 10 09:31 ../ drwxrwx---+ 2 root root 0 Aug 10 09:31 snap01/ # getfacl /mnt/cephfs/test/.snap getfacl: Removing leading '/' from absolute path names # file: mnt/cephfs/test/.snap # owner: root # group: root user::rwx group::rwx other::--- # getfacl /mnt/cephfs/test/.snap/snap01 getfacl: Removing leading '/' from absolute path names # file: mnt/cephfs/test/.snap/snap01 # owner: root # group: root user::rwx group::r-x group:users:rwx mask::rwx other::--- </pre> Result: Members of the group "users" do not have access to the snapshots because the .snap directory does not carry the ACLs. Should be: Members of the group "users" have access to the snapshots.