-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
Lustre 2.16.0, Lustre 2.17.0
-
3
-
9223372036854775807
When using nodemap with the deny_unknown=1 option enabled, an unauthorized user (not mapped in the nodemap) is able to stat a file after an authorized user has performed a stat operation on the same file. This bypasses the intended access control and represents a potential security vulnerability. The issue is cache dependent and permission is denied again once caches are cleared.
Nodemap Config:
[root@MGS ~]# lctl get_param nodemap.TestMap.*
nodemap.TestMap.admin_nodemap=1
nodemap.TestMap.audit_mode=1
nodemap.TestMap.deny_unknown=1
nodemap.TestMap.exports=
[
{ nid: 153@gni, uuid: 2d97c328-d2c6-47f2-b6fe-63d2eeb05ad9 },
]
nodemap.TestMap.fileset=
nodemap.TestMap.forbid_encryption=0
nodemap.TestMap.id=34
nodemap.TestMap.idmap=
[
{ idtype: uid, client_id: 2001, fs_id: 5001 },
{ idtype: uid, client_id: 2002, fs_id: 5002 },
{ idtype: uid, client_id: 2005, fs_id: 5005 },
{ idtype: gid, client_id: 2001, fs_id: 5001 },
{ idtype: gid, client_id: 2002, fs_id: 5002 },
{ idtype: gid, client_id: 2005, fs_id: 5005 }
]
nodemap.TestMap.map_mode=all
nodemap.TestMap.ranges=
[
{ id: 66, start_nid: 153@gni, end_nid: 153@gni }
]
nodemap.TestMap.rbac=file_perms,dne_ops,quota_ops,byfid_ops,chlg_ops,fscrypt_admin
nodemap.TestMap.readonly_mount=0
nodemap.TestMap.sepol=
nodemap.TestMap.squash_gid=65796
nodemap.TestMap.squash_projid=99
nodemap.TestMap.squash_uid=65796
nodemap.TestMap.trusted_nodemap=0
Authorized Users:
[root@MGS ~]# cat /etc/lustre/passwd localusr00:x:5000:5000:/home/users/localusr00:/sbin/nologin localusr01:x:5001:5001:/home/users/localusr01:/sbin/nologin localusr02:x:5002:5002:/home/users/localusr02:/sbin/nologin nobodyusr:x:5005:5005:/home/users/nobodyusr:/sbin/nologin
Upcall:
[root@MGS admin]# pdsh -g mds lctl get_param mdt.*-MDT*.identity_upcall mdt.kjcf08-MDT0000.identity_upcall=/usr/sbin/l_getidentity_nss
Actual Behavior:
root@153:~ # sync && echo 3 > /proc/sys/vm/drop_caches root@153:~ # su - localusr03 -c "stat /lus/kjcf08/sanjanas_file" stat: cannot stat '/lus/kjcf08/sanjanas_file': Permission denied root@153:~ # su - localusr03 -c "stat /lus/kjcf08/sanjanas_file" stat: cannot stat '/lus/kjcf08/sanjanas_file': Permission denied root@153:~ # su - localusr01 -c "stat /lus/kjcf08/sanjanas_file" File: /lus/kjcf08/sanjanas_file Size: 0 Blocks: 2 IO Block: 4194304 regular empty file Device: 70143562h/1880372578d Inode: 144127232439222273 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2026-06-22 03:02:54.000000000 -0500 Modify: 2026-06-22 03:02:54.000000000 -0500 Change: 2026-06-22 03:02:54.000000000 -0500 Birth: - root@153:~ # su - localusr03 -c "stat /lus/kjcf08/sanjanas_file" File: /lus/kjcf08/sanjanas_file Size: 0 Blocks: 2 IO Block: 4194304 regular empty file Device: 70143562h/1880372578d Inode: 144127232439222273 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2026-06-22 03:02:54.000000000 -0500 Modify: 2026-06-22 03:02:54.000000000 -0500 Change: 2026-06-22 03:02:54.000000000 -0500 Birth: - root@153:~ # sync && echo 3 > /proc/sys/vm/drop_caches root@153:~ # su - localusr03 -c "stat /lus/kjcf08/sanjanas_file" stat: cannot stat '/lus/kjcf08/sanjanas_file': Permission denied
Potential root cause:
Metadata caching on the client side may not be properly invalidated when deny_unknown is enabled, allowing cached stat information to be accessed by unauthorized users.