  1. Lustre
  2. LU-1778

Root Squash is not always properly enforced

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.6.0, Lustre 2.5.4
    • Lustre 2.1.1, Lustre 2.1.2
    • None
    • 3
    • 8532

    Description

      On a node with root_squash activated, if root tries to access the attributes of a file (fstat) which has not been previously accessed, the operation returns ENOPERM.
      If the file attributes were accessed by an authorized user, then root can access the attributes without trouble.

      as root :
      [root@clientae ~]# mount -t lustre 192.168.1.100:/scratch /scratch
      [root@clientae ~]# cd /scratch/
      [root@clientae scratch]# ls -la
      total 16
      drwxrwxrwx 4 root root 4096 Aug 21 18:03 .
      dr-xr-xr-x. 28 root root 4096 Aug 22 15:53 ..
      drwxr-xr-x 2 root root 4096 Jun 21 18:42 .lustre
      drwx------ 2 slurm users 4096 Aug 21 18:03 test_dir
      [root@clientae scratch]# cd test_dir/
      [root@clientae test_dir]# ls -la
      ls: cannot open directory .: Permission denied

      then, as user 'slurm' :
      [slurm@clientae ~]$ cd /scratch/test_dir
      [slurm@clientae test_dir]# ls -la
      total 16
      drwx------ 2 slurm users 4096 Aug 21 18:03 .
      drwxrwxrwx 4 root root 4096 Aug 22 16:47 ..
      -rw-r--r-- 1 slurm users 7007 Aug 22 15:58 afile

      now, come back as user root and replay the 'ls' command:
      [root@clientae test_dir]# ls -la
      total 16
      drwx------ 2 slurm users 4096 Aug 21 18:03 .
      drwxrwxrwx 4 root root 4096 Aug 22 16:47 ..
      -rw-r--r-- 1 slurm users 7007 Aug 22 15:58 afile
      [root@clientae test_dir]# stat afile
      File: `afile'
      Size: 7007 Blocks: 16 IO Block: 2097152 regular file
      Device: d61f715ah/3592384858d Inode: 144115238826934275 Links: 1
      Access: (0644/-rw-r--r--) Uid: ( 500/ slurm) Gid: ( 100/ users)
      Access: 2012-08-22 15:59:26.000000000 +0200
      Modify: 2012-08-22 15:58:55.000000000 +0200
      Change: 2012-08-22 15:58:55.000000000 +0200

      At this point if you try to have a look into the file as root, you get ENOPERM
      [root@clientae test_dir]# cat afile
      cat: afile: Permission denied
      even if you already got access to the content with the authorized user.

      But, if the file is opened by the user ('tail -f afile' for example), root gets access to the content of the file as well
      [root@clientae test_dir]# tail afile
      coucou
      coucou
      coucou
      coucou
      coucou
      coucou
      coucou
      coucou
      coucou
      coucou

      As soon as the file is closed by the user, root loses access to the content (at least can't open the file any more)

      Alex.
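
The reproduction above can be turned into a repeatable check. The script below is an added example, not part of the ticket or of Lustre: it probes a path as root, lets the owner access it on the same client, probes again and reports whether the result changed. The function names and the `OWNER PATH` command line are hypothetical, and it assumes `su` keeps the caller's environment when run without `-l`.

```shell
#!/bin/sh
# Added example (not from the ticket): does root's access on a root-squashed
# mount change after the owner has touched the same path on this client?
# Function names and the CLI are hypothetical. Run as root on the client.

# probe PATH: print "stat=<ok|fail> read=<ok|fail>" for the calling user.
probe() {
    p=$1
    if stat "$p" >/dev/null 2>&1; then s=ok; else s=fail; fi
    if [ -d "$p" ]; then
        # Directory: "read" means listing its entries.
        if ls -a "$p" >/dev/null 2>&1; then r=ok; else r=fail; fi
    else
        # File (or unreachable path): "read" means open + read one byte.
        if head -c 1 "$p" >/dev/null 2>&1; then r=ok; else r=fail; fi
    fi
    echo "stat=$s read=$r"
}

# verdict COLD WARM: enforcement must not depend on what the client has cached.
verdict() {
    if [ "$1" = "$2" ]; then
        echo "consistent"
    else
        echo "cache-dependent"
    fi
}

# check_path OWNER PATH: probe as root, let OWNER access the path, probe again.
check_path() {
    owner=$1
    P=$2
    export P
    cold=$(probe "$P")
    # su without -l keeps the environment, so the owner's shell sees $P.
    su -s /bin/sh -c 'ls -la "$(dirname "$P")"; stat "$P"' "$owner" \
        >/dev/null 2>&1 || true
    warm=$(probe "$P")
    echo "cold: $cold"
    echo "warm: $warm"
    verdict "$cold" "$warm"
}

# Only run the check when called as: script OWNER PATH
if [ $# -eq 2 ]; then
    check_path "$1" "$2"
fi
```

For the session in the description, `slurm /scratch/test_dir/afile` on a freshly mounted client would give `stat=fail read=fail` cold and `stat=ok read=fail` warm, so the last line printed is `cache-dependent`.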

            People

              niu Niu Yawei (Inactive)
              louveta Alexandre Louvet (Inactive)