https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-1482 Lustre <p>Attribute are not permitted on version 2.x but works on version 1.8.x </p> <p>to reproduce the problem</p> <p>Lustre clients are mounted with option acl,user_xattr<br/> wipp-mds2@tcp:/WIPP /mnt/Lustre lustre defaults,acl, 0 0</p> <p>#!/bin/bash<br/> rm -f dummy_file_test_xattr<br/> touch dummy_file_test_xattr<br/> chown nobody:nobody dummy_file_test_xattr<br/> su -s/bin/bash nobody -c "setfacl -m g:bin:rw dummy_file_test_xattr"<br/> su -s/bin/bash nobody -c "getfacl dummy_file_test_xattr"<br/> su -s/bin/bash bin -c "setfattr -n user.test.xattr -v 123456 dummy_file_test_xattr"<br/> su -s/bin/bash bin -c "getfattr -d dummy_file_test_xattr"</p> <p>the output<br/> setfattr: dummy_file_test_xattr: Operation not permitted</p> MDS Redhat 6 64 bit with Lustre version 2.2<br/> 3 OSSs Redhat 5 64 bit with Lustre version 2.2<br/> Clients Redhat 5 64 bit with Lustre version 2.2 LU-1482

attribute not permitted on Lustre versions 2.x

Bug Major Resolved Fixed Dmitry Eremin Pierre Choukroun Tue, 5 Jun 2012 15:36:08 +0000 Thu, 8 Sep 2016 04:19:38 +0000 Thu, 8 Sep 2016 04:19:38 +0000 Lustre 2.1.0 Lustre 2.2.0 Lustre 2.1.1 Lustre 2.9.0 4 16 <p>This does appear to be a valid test case. Looking at the kernel code, it seems that users that do not own a file should still be able to create user.* xattrs on a file they have write permission on. I suspect some strange interaction between ACLs and the xattr permission checking is the cause. Is this reproducible with a RHEL6 client (filesystem could be mounted temporarily on the MDS for testing purposes)?</p> <p>However, I'm reducing the severity of this problem, since it is a relatively obscure use case, and is unlikely to be fixed in the short term.</p> <p>The attribute problem may be a corner case for you, but it is a show stopper for users of the LHC Computing Grid’s STORM storage resource manager (<a href="http://storm.forge.cnaf.infn.it/" class="external-link" target="_blank" rel="nofollow noopener">http://storm.forge.cnaf.infn.it/</a>) that want to upgrade to Lustre 2.X Attributes are used to store checksums of every file which, after every gridftp transfer, are compared between source and destination. As long as this bug remains unfixed, we cannot upgrade Lustre. I hope you will upgrade the priority for fixing this bug so that we and the other STORM sites around the world using Lustre can upgrade. </p> <p>This issue seems to be stalled since June 2012 with no evolution whatsoever. The attribute issue is really a showstopper in our case since it is avoiding the migration to lustre 2.1 and its interaction with the StoRM SRM system. We are a Tier-2 for WLCG with a storage capacity of about 600 TB. As we, there are a couple of more sites in the same situation, and therefore, the impact of this issue is not small. </p> <p>I've just tried it with a lustre 1.8 client in RH6:</p> <ol> <li>touch dummy_file_test_xattr</li> <li>chown storm:storm dummy_file_test_xattr</li> <li>su -s /bin/bash storm -c "setfacl -m g:auger:rw dummy_file_test_xattr"</li> <li>su -s/bin/bash storm -c "getfacl dummy_file_test_xattr"</li> <li>file: dummy_file_test_xattr</li> <li>owner: storm</li> <li>group: storm<br/> user::rw-<br/> group::r--<br/> group:auger:rw-<br/> mask::rw-<br/> other::r--</li> <li>su -s/bin/bash auger001 -c "setfattr -n user.test.xattr -v 123456 dummy_file_test_xattr"<br/> setfattr: dummy_file_test_xattr: Operation not supported</li> </ol> <p>Dear All</p> <p>After some investigation, mostly from two of my colleagues, we were able to pinpoint the problem. </p> <p>The main difference between lustre 1.8 and 2.x series is that the acls are now checked on the server side, while in the older 1.8 versions, these was done in the client side. This lead to some restructure of the code, and the current implementation relies on very simple validations. </p> <p>These very simple validations are done in mdd_xattr_sanity_check function under lustre/mdd/mdd_object.c. The fundamental piece of code is</p> <p> if ((uc-&gt;mu_fsuid != tmp_la-&gt;la_uid) &amp;&amp;<br/> !mdd_capable(uc, CFS_CAP_FOWNER))<br/> RETURN(-EPERM);</p> <p>which basically tells you that only the owner of the file is allowed to change the extended atributes. </p> <p>We have developed a dirty hack to overcome this issue but we do not want to make it public since it may not be general enough, or may have hidden problems since I'm sure we do not have a full understanding of the code. I'm certain that Whamcloud people can do it much better, and now that we have identified the problem, maybe the fix could be delivered faster than expected. </p> <p>Thank you<br/> Goncalo</p> <p>We are also a Tier-2 for WLCG, and have held off upgrading from Lustre 1.8.9 because of this problem. <br/> We really do need to move to Lustre 2.x!!</p> <p>The bug is is still there in v2.4.1; tested with ext4/ldiskfs back-end:<br/> -----------</p> <ol> <li>rpm -qa | grep lustre-2<br/> lustre-2.4.1-2.6.32_358.18.1.el6_lustre.x86_64.x86_64</li> </ol> <ol> <li>./testscript</li> <li>file: dummy_file_test_xattr</li> <li>owner: nobody</li> <li>group: nobody<br/> user::rw-<br/> group::r--<br/> group:bin:rw-<br/> mask::rw-<br/> other::r--</li> </ol> <p>setfattr: dummy_file_test_xattr: Operation not permitted</p> <p>-----------</p> <p>Wil this problem ever be addressed?</p> <p>Jeremy</p> <p>I think maybe something like this should fix issue?</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">diff --git a/lustre/mdd/mdd_object.c b/lustre/mdd/mdd_object.c index 5938bc9..441c3db 100644 --- a/lustre/mdd/mdd_object.c +++ b/lustre/mdd/mdd_object.c @@ -951,8 +951,8 @@ <span class="code-keyword">static</span> <span class="code-object">int</span> mdd_xattr_sanity_check(<span class="code-keyword">const</span> struct lu_env *env, !md_capable(uc, CFS_CAP_FOWNER)) RETURN(-EPERM); } <span class="code-keyword">else</span> { - <span class="code-keyword">if</span> ((uc-&gt;uc_fsuid != tmp_la-&gt;la_uid) &amp;&amp; - !md_capable(uc, CFS_CAP_FOWNER)) + <span class="code-keyword">if</span> (uc-&gt;uc_fsuid != tmp_la-&gt;la_uid &amp;&amp; + !md_capable(uc, CFS_CAP_CHOWN)) RETURN(-EPERM); } </pre> </div></div> <p> We don't need OWNER rights always..</p> <p>Wang Shilong (wshilong@ddn.com) uploaded a new patch: <a href="http://review.whamcloud.com/15959" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/15959</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-1482" title="attribute not permitted on Lustre versions 2.x" class="issue-link" data-issue-key="LU-1482"><del>LU-1482</del></a> mdd: remove owner rights check for xattr permission<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: cd58efc71705edb7ab96bc64d295d22948312d28</p> <p>Wang Shilong (wshilong@ddn.com) uploaded a new patch: <a href="http://review.whamcloud.com/19258" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/19258</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-1482" title="attribute not permitted on Lustre versions 2.x" class="issue-link" data-issue-key="LU-1482"><del>LU-1482</del></a> mdd: Setting xattr are properly checked with and without ACLs<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 8d29a17482ed41ef654d538dd3a667834b5dcf37</p> <p>Dmitry Eremin (dmitry.eremin@intel.com) uploaded a new patch: <a href="http://review.whamcloud.com/21496" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/21496</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-1482" title="attribute not permitted on Lustre versions 2.x" class="issue-link" data-issue-key="LU-1482"><del>LU-1482</del></a> mdd: Setting xattr are properly checked with and without ACLs<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 2bd076858bd40532985d7caa1609266a7fe88927</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="http://review.whamcloud.com/21496/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/21496/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-1482" title="attribute not permitted on Lustre versions 2.x" class="issue-link" data-issue-key="LU-1482"><del>LU-1482</del></a> mdd: Setting xattr are properly checked with and without ACLs<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: 93e459f4d0604cccb31e5cc0a1677499d48fff0b</p> <p>Landed for 2.9</p> Duplicate LU-1343 Related Development Rank 1|hzvrlb: Rank (Obsolete) 8361