Details
-
Bug
-
Resolution: Fixed
-
Minor
-
Lustre 2.3.0, Lustre 2.1.3, Lustre 1.8.8, Lustre 1.8.7
-
None
-
Lustre 1.8.7 on CentOS 5
-
4
-
23,194
-
4667
Description
One of our users recently requested us to turn on ACLs on a new Lustre filesystem.
After doing so, we discovered that one of the features this user group needs,
does not seem to be supported by Lustre: setting a mask in the ACL that
overrides the umask of the user creating files/directories.
We thinks this is the same as https://bugzilla.lustre.org/show_bug.cgi?id=23194
We include logs showing behavious with Lustre, and for comparison NFS (backed by XFS)
and a local ext4 filesystem.
LUSTRE
======
Client: lustre-1.8.7.80-2.6.18_274.12.1.el5_g27e7ce7
(patchless build a few commits beyond 1.8.7-wc1 in order
to get the fix for LU-645).
Server: lustre-1.8.5-2.6.18_194.17.1.el5_lustre.1.8.5.nsc1_201105161812
(1.8.5 with a single patch for LU-274)
[kent@server ~]$ umask
0022
[kent@server ~]$ cd /nobackup/rossby16/kent
[kent@server kent]$ mkdir subdir
[kent@server kent]$ setfacl -R -d -m mask:007 subdir
[kent@server kent]$ getfacl subdir
- file: subdir
- owner: kent
- group: nsc
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:mask::rwx
default:other::r-x
[kent@server kent]$ mkdir subdir/dir
[kent@server kent]$ touch subdir/file
[kent@server kent]$ ls -lrt subdir/
total 4
drwxr-xr-x+ 2 kent nsc 4096 Jan 9 14:45 dir
rw-rr-+ 1 kent nsc 0 Jan 9 14:45 file
[kent@server kent]$ ls -lrtd subdir
drwxr-xr-x+ 3 kent nsc 4096 Jan 9 14:45 subdir
COMPARISON: NFS BACKED BY XFS
=============================
Client/server: CentOS 5 kernel 2.6.18-274.12.1.el5
[kent@server ~]$ umask
0022
[kent@server ~]$ mkdir subdir
[kent@server ~]$ setfacl -R -d -m mask:007 subdir
[kent@server ~]$ getfacl subdir
- file: subdir
- owner: kent
- group: nsc
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:mask::rwx
default:other::r-x
[kent@server ~]$ mkdir subdir/dir
[kent@server ~]$ touch subdir/file
[kent@server ~]$ ls -lrt subdir/
total 8
drwxrwxr-x+ 2 kent nsc 6 Jan 9 14:48 dir
rw-rw-r-+ 1 kent nsc 0 Jan 9 14:48 file
[kent@server ~]$ ls -lrtd subdir
drwxr-xr-x+ 3 kent nsc 27 Jan 9 14:48 subdir
COMPARISION: FEDORA 16
======================
Local ext4 filesystem on kernel 3.1.6-1.fc16.x86_64
[kent@workstation]~% umask
022
[kent@workstation]~% mkdir subdir
[kent@workstation]~% setfacl -R -d -m mask:007 subdir
[kent@workstation]~% getfacl subdir
- file: subdir
- owner: kent
- group: kent
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:mask::rwx
default:other::r-x
[kent@workstation]~% mkdir subdir/dir
[kent@workstation]~% touch subdir/file
[kent@workstation]~% ls -lrt subdir/
total 12
drwxrwxr-x+ 2 kent kent 4096 Jan 9 14:50 dir
rw-rw-r-+ 1 kent kent 0 Jan 9 14:50 file
[kent@workstation]~% ls -lrtd subdir
drwxr-xr-x+ 3 kent kent 4096 Jan 9 14:50 subdir
Attachments
Issue Links
- is duplicated by
-
-
- Resolved
-
- Trackbacks
-
![[Confluence: Engineering]](/images/icons/generic_link_16.png "[Confluence: Engineering]")
Lustre 1.8.x known issues tracker
While testing against Lustre b18 branch, we would hit known bugs which were already reported in Lustre Bugzilla https://bugzilla.lustre.org/. In order to move away from relying on Bugzilla, we would create a JIRA
-
Changelog 1.8
Changes from version 1.8.7wc1 to version 1.8.8wc1 Server support for kernels: 2.6.18308.4.1.el5 (RHEL5) Client support for unpatched kernels: 2.6.18308.4.1.el5 (RHEL5) 2.6.32220.13.1.el6 (RHEL6) Recommended e2fsprogs version: 1.41.90....
-
Changelog 2.1
Changes from version 2.1.1 to version 2.1.2 Server support for kernels: 2.6.18308.4.1.el5 (RHEL5) 2.6.32220.17.1.el6 (RHEL6) Client support for unpatched kernels: 2.6.18308.4.1.el5 (RHEL5) 2.6.32220.17.1....
Activity
When parent dir has default ACL, umask should be ignored. It's inefficient to check parent default ACL for each create, and it's not atomic either. So umask is sent to MDS and let server do this check.
And this should be handled in MDD layer (because it belongs to ACL initialisation for new inode), however for ldiskfs osd_object_create() calls ldiskfs_new_inode() which initialised acl internally, it looks redundant to do it again in MDD layer, so that in the implementation I just enforce umask from client and let ldiskfs do the left. However for ZFS, ACL initialization is done in ZPL, but OSD calls DMU directly, so that LU-2610 fails. Now I do think it will be better to handle this in MDD layer (though for ldiskfs it's redundant).
please clarify why do we needed to change the protocol ? why the client can't supply with the correct mode ?
well, I'm fine to fix it a bit later, but it'd be good to have a ticket for this: either we keep this one or create another.
Hmm, you're correct. At the time of implementation, I wanted the code to be simple, because only MDT create needs enforce client umask, while all places dt_create() is called don't. Do you think it's okay to fix this in DNE code since DNE needs add support for this?
I think the implementation is not quite good, especially the change in mdo_create_obj().
instead of hacking around current() in MDD, it should be done in OSD that attributes are set as passed by MDD.
The patches in http://review.whamcloud.com/#change,1976 and http://review.whamcloud.com/#change,1972 to fix the issue in this ticket have not been landed yet. So, let's reopen this ticket.
Patch for b2_3 is http://review.whamcloud.com/4661