RE: [NFS-Ganesha-Devel] [NFS-Ganesha-Devel]ceph_fsal_setattr2 returned Operation not permitted

RE: [NFS-Ganesha-Devel] [NFS-Ganesha-Devel]ceph_fsal_setattr2 returned Operation not permitted

[Frank Filz]

Ah, when FSAL_CEPH was written, Ceph didn't have CEPH_SETATTR_ATIME_NOW =
and CEPH_SETATTR_MTIME_NOW. Now that they are available, we should use =
them. We may need to conditional compile.

Frank

> -----Original Message-----
> From: zhu.shangzhong@zte.com.cn [mailto:zhu.shangzhong@zte.com.cn]
> Sent: Monday, September 17, 2018 4:39 AM
> To: devel@lists.nfs-ganesha.org; linux-nfs@vger.kernel.org
> Subject: [NFS-Ganesha-Devel] [NFS-Ganesha-Devel]ceph_fsal_setattr2 =
returned
> Operation not permitted
>=20
> How to reproduce:
> 1. mount the nfs-ganesha export directory with NFSV3 2. create new =
users:
> user1 and user2, there is the same user group for user1 and user2
>     uid=3D9998(user1) gid=3D100(users) groups=3D100(users)
>     uid=3D9997(user2) gid=3D100(users) groups=3D100(users) 3. log in =
using user1 and
> create new file named abc.txt 4. chmod 664 abc.txt 5. log in using =
user2, and
> write new content to abc.txt
>     echo 'Hello' > abc.txt
> 6. The error "Operation not permitted" will be output
>=20
> Expected result:
> user2 may write data to file abc.txt successfully.
>=20
> The more detailed info could be found in =
http://tracker.ceph.com/issues/35961
> The issue may be fixed by changing the following code, is it =
appropriate changes
> for fixing the issue?
>=20
> src\FSAL\FSAL_CEPH\handle.c
> fsal_status_t ceph_setattr2(struct fsal_obj_handle *obj_hdl, bool =
bypass, struct
> state_t *state, struct attrlist *attrib_set) { ...
> 	if (FSAL_TEST_MASK(attrib_set->valid_mask, ATTR_ATIME_SERVER)) {
> 		struct timespec timestamp;
> mask |=3D CEPH_SETATTR_ATIME;  //
> s/CEPH_SETATTR_ATIME/CEPH_SETATTR_ATIME_NOW
> ...
> if (FSAL_TEST_MASK(attrib_set->valid_mask, ATTR_MTIME_SERVER)) {
> 		struct timespec timestamp;
> mask |=3D CEPH_SETATTR_MTIME; //
> s/CEPH_SETATTR_MTIME/CEPH_SETATTR_MTIME_NOW
> ...
> }

Re: [NFS-Ganesha-Devel] [NFS-Ganesha-Devel]ceph_fsal_setattr2 returned Operation not permitted

[Jeff Layton]

On Mon, 2018-09-17 at 19:39 +0800, zhu.shangzhong@zte.com.cn wrote:
> How to reproduce:
> 1. mount the nfs-ganesha export directory with NFSV3
> 2. create new users: user1 and user2, there is the same user group for user1 and user2
>     uid=9998(user1) gid=100(users) groups=100(users)
>     uid=9997(user2) gid=100(users) groups=100(users)
> 3. log in using user1 and create new file named abc.txt
> 4. chmod 664 abc.txt
> 5. log in using user2, and write new content to abc.txt
>     echo 'Hello' > abc.txt
> 6. The error "Operation not permitted" will be output
> 
> Expected result:
> user2 may write data to file abc.txt successfully.
> 
> The more detailed info could be found in http://tracker.ceph.com/issues/35961
> The issue may be fixed by changing the following code, is it appropriate changes for fixing the issue?
> 
> src\FSAL\FSAL_CEPH\handle.c
> fsal_status_t ceph_setattr2(struct fsal_obj_handle *obj_hdl, bool bypass, struct state_t *state, struct attrlist *attrib_set)
> {
> ...
> 	if (FSAL_TEST_MASK(attrib_set->valid_mask, ATTR_ATIME_SERVER)) {
> 		struct timespec timestamp;
> mask |= CEPH_SETATTR_ATIME;  // s/CEPH_SETATTR_ATIME/CEPH_SETATTR_ATIME_NOW
> ...
> if (FSAL_TEST_MASK(attrib_set->valid_mask, ATTR_MTIME_SERVER)) {
> 		struct timespec timestamp;
> mask |= CEPH_SETATTR_MTIME; // s/CEPH_SETATTR_MTIME/CEPH_SETATTR_MTIME_NOW
> ...
> }]

If I'm reading the ceph code right, then we need to do:

    mask |= CEPH_SETATTR_MTIME|CEPH_SETATTR_MTIME_NOW;

The *_NOW fields just override how permissions are checked.

-- 
Jeff Layton <jlayton@redhat.com>