Details
-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
Lustre 2.16.0, Lustre 2.12.9
-
3
-
9223372036854775807
Description
The "mdt.*.enable_remote_dir_gid" parameter is intended to keep advanced functionality out of the hands of users that might abuse them. Typically this is "0" (root only) or "-1" (all users), but it is possible to set a numeric GID to allow sysadmins in a "wheel" or "admin" group to access this functionality on behalf of users.
However, it appears that the code that is checking this parameter is only checking the primary GID of the RPC against the parameter, instead of using "lustre_in_group_p()" to check all of the supplementary groups of the user, if it is not the primary one.