On Apr 9, 2010, at 12:12 PM, Bart Taylor wrote: > > I don't have any ideas. Are you able to step through translate_ids? Does it > get to iterate_root_squash_wildcards? > > Yes. I can see the "Translated ids from" message in the logs. > > I turned on verbose logging and just grabbed the output of the echo command I > mentioned before. The whole log is attached, but the short version is below. > It looks like for the crdirent, the ids are translated, a bunch of > permissions checking is done based on the translated ids, and it gets the > okay. Skip ahead to the next state machine operation (getattr), and the > attr_owner and attr_group retrieved from the s_op->attr are 0, not the > squashed value of 99.
Hi Bart, I just committed a fix for this to HEAD. Let me know if it doesn't work for you. Thanks for the help debugging! -sam > > > Bart. > > > > root handle: 1048576 > foo.txt handle: 1048573 > > > Apr 9 11:26:24 node1 PVFS2: [A] root.r...@node1 H=1048576 S=0x9ac2048: > crdirent: start > Apr 9 11:26:24 node1 PVFS2: [D] (0x9ac2048) crdirent (prelude sm) state: > getattr_if_needed > Apr 9 11:26:24 node1 PVFS2: [D] About to retrieve attributes for handle > 1048576 > Apr 9 11:26:24 node1 PVFS2: [D] dspace_getattr fast path attr cache hit on > 1048576 > Apr 9 11:26:24 node1 PVFS2: [D] BMI_query_addr_range 236, tcp://0.0.0.0, > netmask: 0 > Apr 9 11:26:24 node1 PVFS2: [D] Translated ids from <0:0> to <99:99> > Apr 9 11:26:24 node1 PVFS2: [D] PVFS operation "crdirent" got attr mask 127 > (attr_uid_valid? yes, attr_owner = 0, credentials_uid = 99) > (attr_gid_valid? yes, attr_group = 0, credentials.gid = 99) > Apr 9 11:26:24 node1 PVFS2: [D] - check_mode called --- > (uid=99,gid=99,access_type=2) > Apr 9 11:26:24 node1 PVFS2: [D] - object attributes --- > (uid=0,gid=0,mode=511) > Apr 9 11:26:24 node1 PVFS2: [D] - checking if uid (99) is root ... > Apr 9 11:26:25 node1 PVFS2: [D] - no > Apr 9 11:26:25 node1 PVFS2: [D] - checking if owner (0) matches uid (99)... > Apr 9 11:26:25 node1 PVFS2: [D] - no > Apr 9 11:26:25 node1 PVFS2: [D] - checking if permissions (511) allows > access type (2) by others... > Apr 9 11:26:25 node1 PVFS2: [D] - yes > Apr 9 11:26:25 node1 PVFS2: [D] - check_mode called --- > (uid=99,gid=99,access_type=1) > Apr 9 11:26:25 node1 PVFS2: [D] - object attributes --- > (uid=0,gid=0,mode=511) > Apr 9 11:26:25 node1 PVFS2: [D] - checking if uid (99) is root ... > Apr 9 11:26:25 node1 PVFS2: [D] - no > Apr 9 11:26:25 node1 PVFS2: [D] - checking if owner (0) matches uid (99)... > Apr 9 11:26:25 node1 PVFS2: [D] - no > Apr 9 11:26:25 node1 PVFS2: [D] - checking if permissions (511) allows > access type (1) by others... > Apr 9 11:26:25 node1 PVFS2: [D] - yes > Apr 9 11:26:25 node1 PVFS2: [D] Final permission check for "crdirent" set > error code to 0 > Apr 9 11:26:25 node1 PVFS2: [D] (0x9ac2048) crdirent (prelude sm) state: > perm_check (status = 0) > Apr 9 11:26:25 node1 PVFS2: [A] nobody.nob...@node1 H=1048576 S=0x9ac2048: > crdirent: crdirent entry: foo.txt points to 1048573 > Apr 9 11:26:25 node1 PVFS2: [D] got crdirent for foo.txt (with handle > 1048573) in 1048576 > .... > Apr 9 11:26:26 node1 PVFS2: [A] root.r...@node1 H=1048573 S=0x9ac3150: > getattr: start > Apr 9 11:26:26 node1 PVFS2: [D] (0x9ac3150) getattr (prelude sm) state: > getattr_if_needed > Apr 9 11:26:26 node1 PVFS2: [D] About to retrieve attributes for handle > 1048573 > Apr 9 11:26:26 node1 PVFS2: [D] dspace_getattr fast path attr cache hit on > 1048573 > Apr 9 11:26:26 node1 PVFS2: [D] (dfile_count=1, dist_size=48) > Apr 9 11:26:26 node1 PVFS2: [D] BMI_query_addr_range 236, tcp://0.0.0.0, > netmask: 0 > Apr 9 11:26:26 node1 PVFS2: [D] Translated ids from <0:0> to <99:99> > Apr 9 11:26:26 node1 PVFS2: [D] PVFS operation "getattr" got attr mask 127 > (attr_uid_valid? yes, attr_owner = 0, credentials_uid = 99) > (attr_gid_valid? yes, attr_group = 0, credentials.gid = 99) > .... > Apr 9 11:26:27 node1 PVFS2: [D] Getattr detected stuffed file. > Apr 9 11:26:27 node1 PVFS2: [D] dspace_getattr fast path attr cache hit on > 4294967293 > Apr 9 11:26:27 node1 PVFS2: [D] (bstream_size=0) > Apr 9 11:26:27 node1 PVFS2: [D] - RETURNING retrieved attrs: [owner = 0, > group = 0 perms = 644, type = 1, atime = 1270830383, mtime = > 1270830383 ctime = 1270830383, dist_size = 48] > > > > > > On Thu, Apr 8, 2010 at 10:57 PM, Sam Lang <[email protected]> wrote: > > On Apr 7, 2010, at 9:46 AM, Bart Taylor wrote: > > > > > Attached is a patch that partially fixes the RootSquash option. Prelude was > > using an old fsid variable that was no longer being used. I changed that to > > the target_fs_id value in the s_op, and that made some progress. I can see > > in the server logging that the squashing code is correctly replacing the > > uid and gid fields in the request credentials. Most operations like > > changing another user's file, removing, changing attributes, etc now result > > in a permission denied message. > > Hi Bart, > > I committed your fix to HEAD. Thanks for the patch! > > > > > I am still having an issue when creating a file as root. The file is > > created and owned by root.root, and no data is written to the file. In > > previous incarnations of this option, the empty file would be created but > > owned by AnonUID.AnonGID as defined in the fs.conf file. Any ideas as to > > why this might not work the same way now? > > I don't have any ideas. Are you able to step through translate_ids? Does it > get to iterate_root_squash_wildcards? > > -sam > > > > > > Bart. > > > > > > > > > > On Tue, Apr 6, 2010 at 9:16 AM, Bart Taylor <[email protected]> wrote: > > > > Has anyone tried using the RootSquash/RootSquashExceptions options > > recently? I cannot make them work with the 2.8.2 release. > > > > Bart. > > > > > > <rootsquash-fsid.patch>_______________________________________________ > > Pvfs2-developers mailing list > > [email protected] > > http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers > > > <messages> _______________________________________________ Pvfs2-users mailing list [email protected] http://www.beowulf-underground.org/mailman/listinfo/pvfs2-users
