Details
-
Bug
-
Resolution: Fixed
-
Minor
-
Lustre 2.1.1, Lustre 2.1.2
-
None
-
3
-
8532
Description
On a node with root_squash activated, if root try to access to attributes of file (fstat) which has not been previously accessed, the operation return ENOPERM.
If the attributes file were accessed by an authorized user, then root can access attributes without troubles.
as root :
[root@clientae ~]# mount -t lustre 192.168.1.100:/scratch /scratch
[root@clientae ~]# cd /scratch/
[root@clientae scratch]# ls -la
total 16
drwxrwxrwx 4 root root 4096 Aug 21 18:03 .
dr-xr-xr-x. 28 root root 4096 Aug 22 15:53 ..
drwxr-xr-x 2 root root 4096 Jun 21 18:42 .lustre
drwx------ 2 slurm users 4096 Aug 21 18:03 test_dir
[root@clientae scratch]# cd test_dir/
[root@clientae test_dir]# ls -la
ls: cannot open directory .: Permission denied
then, as user 'slurm' :
[slurm@clientae ~]$ cd /scratch/test_dir
[slurm@clientae test_dir]# ls -la
total 16
drwx------ 2 slurm users 4096 Aug 21 18:03 .
drwxrwxrwx 4 root root 4096 Aug 22 16:47 ..
rw-rr- 1 slurm users 7007 Aug 22 15:58 afile
now, come back as user root an replay the 'ls' command :
[root@clientae test_dir]# ls -la
total 16
drwx------ 2 slurm users 4096 Aug 21 18:03 .
drwxrwxrwx 4 root root 4096 Aug 22 16:47 ..
rw-rr- 1 slurm users 7007 Aug 22 15:58 afile
[root@clientae test_dir]# stat afile
File: `afile'
Size: 7007 Blocks: 16 IO Block: 2097152 regular file
Device: d61f715ah/3592384858d Inode: 144115238826934275 Links: 1
Access: (0644/rw-rr-) Uid: ( 500/ slurm) Gid: ( 100/ users)
Access: 2012-08-22 15:59:26.000000000 +0200
Modify: 2012-08-22 15:58:55.000000000 +0200
Change: 2012-08-22 15:58:55.000000000 +0200
At this point if you try to have a look into the file as root, you get ENOPERM
[root@clientae test_dir]# cat afile
cat: afile: Permission denied
even if you already got access to the content with the authorized user.
But, if the file is opened by the user ('tail -f afile' for exemple), root get access to the content of the file as well
[root@clientae test_dir]# tail afile
coucou
coucou
coucou
coucou
coucou
coucou
coucou
coucou
coucou
coucou
As soon as the file is closed by the user, root left access to the content(at least can't open the file any more)
Alex.
Attachments
Issue Links
Activity
Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/10744/
Subject: LU-1778 llite: fix inconsistencies of root squash feature
Project: fs/lustre-release
Branch: b2_5
Current Patch Set:
Commit: d82b4f54cbbe269519330e88639dd8e197636496
Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/10743/
Subject: LU-1778 libcfs: add a service that prints a nidlist
Project: fs/lustre-release
Branch: b2_5
Current Patch Set:
Commit: 57a8a6bec4dc965388b5bba48e7501f79bdab44b
The two above patches #10743 and #10744 have been posted and are ready for review since end of June.
Would it be possible to have them included in the next 2.5 maintenance release: 2.5.3 ?
I have backported the two patches to be integrated in 2.5 maintenance release.
http://review.whamcloud.com/10743
http://review.whamcloud.com/10744
This ticket has not been fixed yet.
The main patch http://review.whamcloud.com/#change,5700 is still in progress.
The patch #8479 has been landed and then reverted due to a conflit with GNIIPLND patch.
I have posted a new version of the patch: http://review.whamcloud.com/9221
Thank you. Would it be possible for you to rebase this on current master? There are a few conflicts preventing merge.
Closing as the issue has been fixed (several months ago) in master and 2.5 maintenance release.