Now that I have circled back around to this, I found that directory creation isn't getting squashed either. I see two different cases when issuing a mkdir:
- In the first, the mkdir request enters the prelude state machine, but after the PINT_server_req_get_object_ref call in setup, the s_op->target_fs_id is still null. That causes it to skip all of the id translation code in prelude_perm_check. The mkdir request is followed by a crdirent which does get the translated ids, but the crdirent state machine never uses them; I am not sure if it needs to. - In the second case, I don't ever see a mkdir request go through prelude. It skips straight to the crdirent. The first time I issue a mkdir, I generally see the mkdir request go through prelude. Subsequent calls just show the crdirent. Bart. On Fri, Apr 9, 2010 at 2:40 PM, Bart Taylor <[email protected]> wrote: > It worked perfectly, thanks! > > Bart. > > > > > On Fri, Apr 9, 2010 at 12:23 PM, Sam Lang <[email protected]> wrote: > >> >> On Apr 9, 2010, at 12:12 PM, Bart Taylor wrote: >> >> > >> > I don't have any ideas. Are you able to step through translate_ids? >> Does it get to iterate_root_squash_wildcards? >> > >> > Yes. I can see the "Translated ids from" message in the logs. >> > >> > I turned on verbose logging and just grabbed the output of the echo >> command I mentioned before. The whole log is attached, but the short version >> is below. It looks like for the crdirent, the ids are translated, a bunch of >> permissions checking is done based on the translated ids, and it gets the >> okay. Skip ahead to the next state machine operation (getattr), and the >> attr_owner and attr_group retrieved from the s_op->attr are 0, not the >> squashed value of 99. >> >> Hi Bart, >> >> I just committed a fix for this to HEAD. Let me know if it doesn't work >> for you. Thanks for the help debugging! >> -sam >> >> > >> > >> > Bart. >> > >> > >> > >> > root handle: 1048576 >> > foo.txt handle: 1048573 >> > >> > >> > Apr 9 11:26:24 node1 PVFS2: [A] root.r...@node1 H=1048576 S=0x9ac2048: >> crdirent: start >> > Apr 9 11:26:24 node1 PVFS2: [D] (0x9ac2048) crdirent (prelude sm) >> state: getattr_if_needed >> > Apr 9 11:26:24 node1 PVFS2: [D] About to retrieve attributes for handle >> 1048576 >> > Apr 9 11:26:24 node1 PVFS2: [D] dspace_getattr fast path attr cache hit >> on 1048576 >> > Apr 9 11:26:24 node1 PVFS2: [D] BMI_query_addr_range 236, tcp:// >> 0.0.0.0, netmask: 0 >> > Apr 9 11:26:24 node1 PVFS2: [D] Translated ids from <0:0> to <99:99> >> > Apr 9 11:26:24 node1 PVFS2: [D] PVFS operation "crdirent" got attr mask >> 127 (attr_uid_valid? yes, attr_owner = 0, credentials_uid = 99) >> (attr_gid_valid? yes, attr_group = 0, credentials.gid = 99) >> > Apr 9 11:26:24 node1 PVFS2: [D] - check_mode called --- >> (uid=99,gid=99,access_type=2) >> > Apr 9 11:26:24 node1 PVFS2: [D] - object attributes --- >> (uid=0,gid=0,mode=511) >> > Apr 9 11:26:24 node1 PVFS2: [D] - checking if uid (99) is root ... >> > Apr 9 11:26:25 node1 PVFS2: [D] - no >> > Apr 9 11:26:25 node1 PVFS2: [D] - checking if owner (0) matches uid >> (99)... >> > Apr 9 11:26:25 node1 PVFS2: [D] - no >> > Apr 9 11:26:25 node1 PVFS2: [D] - checking if permissions (511) allows >> access type (2) by others... >> > Apr 9 11:26:25 node1 PVFS2: [D] - yes >> > Apr 9 11:26:25 node1 PVFS2: [D] - check_mode called --- >> (uid=99,gid=99,access_type=1) >> > Apr 9 11:26:25 node1 PVFS2: [D] - object attributes --- >> (uid=0,gid=0,mode=511) >> > Apr 9 11:26:25 node1 PVFS2: [D] - checking if uid (99) is root ... >> > Apr 9 11:26:25 node1 PVFS2: [D] - no >> > Apr 9 11:26:25 node1 PVFS2: [D] - checking if owner (0) matches uid >> (99)... >> > Apr 9 11:26:25 node1 PVFS2: [D] - no >> > Apr 9 11:26:25 node1 PVFS2: [D] - checking if permissions (511) allows >> access type (1) by others... >> > Apr 9 11:26:25 node1 PVFS2: [D] - yes >> > Apr 9 11:26:25 node1 PVFS2: [D] Final permission check for "crdirent" >> set error code to 0 >> > Apr 9 11:26:25 node1 PVFS2: [D] (0x9ac2048) crdirent (prelude sm) >> state: perm_check (status = 0) >> > Apr 9 11:26:25 node1 PVFS2: [A] nobody.nob...@node1 H=1048576 >> S=0x9ac2048: crdirent: crdirent entry: foo.txt points to 1048573 >> > Apr 9 11:26:25 node1 PVFS2: [D] got crdirent for foo.txt (with handle >> 1048573) in 1048576 >> > .... >> > Apr 9 11:26:26 node1 PVFS2: [A] root.r...@node1 H=1048573 S=0x9ac3150: >> getattr: start >> > Apr 9 11:26:26 node1 PVFS2: [D] (0x9ac3150) getattr (prelude sm) state: >> getattr_if_needed >> > Apr 9 11:26:26 node1 PVFS2: [D] About to retrieve attributes for handle >> 1048573 >> > Apr 9 11:26:26 node1 PVFS2: [D] dspace_getattr fast path attr cache hit >> on 1048573 >> > Apr 9 11:26:26 node1 PVFS2: [D] (dfile_count=1, dist_size=48) >> > Apr 9 11:26:26 node1 PVFS2: [D] BMI_query_addr_range 236, tcp:// >> 0.0.0.0, netmask: 0 >> > Apr 9 11:26:26 node1 PVFS2: [D] Translated ids from <0:0> to <99:99> >> > Apr 9 11:26:26 node1 PVFS2: [D] PVFS operation "getattr" got attr mask >> 127 (attr_uid_valid? yes, attr_owner = 0, credentials_uid = 99) >> (attr_gid_valid? yes, attr_group = 0, credentials.gid = 99) >> > .... >> > Apr 9 11:26:27 node1 PVFS2: [D] Getattr detected stuffed file. >> > Apr 9 11:26:27 node1 PVFS2: [D] dspace_getattr fast path attr cache hit >> on 4294967293 >> > Apr 9 11:26:27 node1 PVFS2: [D] (bstream_size=0) >> > Apr 9 11:26:27 node1 PVFS2: [D] - RETURNING retrieved attrs: [owner = >> 0, group = 0 perms = 644, type = 1, atime = 1270830383, mtime = >> 1270830383 ctime = 1270830383, dist_size = 48] >> > >> > >> > >> > >> > >> > On Thu, Apr 8, 2010 at 10:57 PM, Sam Lang <[email protected]> wrote: >> > >> > On Apr 7, 2010, at 9:46 AM, Bart Taylor wrote: >> > >> > > >> > > Attached is a patch that partially fixes the RootSquash option. >> Prelude was using an old fsid variable that was no longer being used. I >> changed that to the target_fs_id value in the s_op, and that made some >> progress. I can see in the server logging that the squashing code is >> correctly replacing the uid and gid fields in the request credentials. Most >> operations like changing another user's file, removing, changing attributes, >> etc now result in a permission denied message. >> > >> > Hi Bart, >> > >> > I committed your fix to HEAD. Thanks for the patch! >> > >> > > >> > > I am still having an issue when creating a file as root. The file is >> created and owned by root.root, and no data is written to the file. In >> previous incarnations of this option, the empty file would be created but >> owned by AnonUID.AnonGID as defined in the fs.conf file. Any ideas as to why >> this might not work the same way now? >> > >> > I don't have any ideas. Are you able to step through translate_ids? >> Does it get to iterate_root_squash_wildcards? >> > >> > -sam >> > >> > >> > > >> > > Bart. >> > > >> > > >> > > >> > > >> > > On Tue, Apr 6, 2010 at 9:16 AM, Bart Taylor <[email protected]> wrote: >> > > >> > > Has anyone tried using the RootSquash/RootSquashExceptions options >> recently? I cannot make them work with the 2.8.2 release. >> > > >> > > Bart. >> > > >> > > >> > > <rootsquash-fsid.patch>_______________________________________________ >> > > Pvfs2-developers mailing list >> > > [email protected] >> > > http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers >> > >> > >> > <messages> >> >> >
_______________________________________________ Pvfs2-developers mailing list [email protected] http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers
