FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Server Development

 
 
LinkBack Thread Tools
 
Old 04-25-2012, 12:35 PM
Nicolas Ecarnot
 
Default Setgid not preserved in GFS2 with ACL

[Sorry for cross-posting, but I sincerely don't know who's best to answer]

Hi,

Using many production Samba file servers on RHEL 5.6 for a while, we are
now finishing to setup a samba cluster on Ubuntu-server (oneiric) with
cman+clvm+GFS2+ctdb.


Like on our other samba setups, we are using ACLs and we set up the
setgid bit on our folders (chmod g+s folder), as well as default ACL.
The access rights are managed via the basic windows explorer security
tab and is working nicely.


But on this new GFS2, I observe that this is not working the same.

To make it short, the setgid bit gets lost when a user creates a subdir.

To be precise, here is what I'm observing :

My folder looks like this :

root@server:/foo/bar# getfacl .
# file: .
# owner: root
# group: adminsGroup
# flags: ss-
user::rwx
group::rwx
group:domainUsers:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:domainUsers:rwx
default:mask::rwx
defaultther::---

* When the user root runs 'mkdir rootDir', this directory correctly gets
the adequate rights, and it gets the setgid bit (allowing deeper
inheritance to keep working).


* When a non-root user belonging to the adminsGroup group runs 'mkdir
privDir', the directory also gain the same feature as above.


* When a basic non-root user belonging to the domainUsers group runs
'mkdir basicDir', it gets created (the ACL allows it) but the setgid bit
is *NOT* preserved.




My tests are showing that with ext3 and ext4, on the same server (and/or
on other systems), this behavior is different, and that the sgid bit is
preserved.


I have added the suiddir flag when mounting the GFS2 partition, but this
does not improve anything.



May someone tell me :
- if this new behavior is faulty or expected?
- if these mailing-lists are the best place to ask such questions?
(ubuntu-server@lists.ubuntu.com + cluster-devel@redhat.com), and if
needed advice me a better place

- if this is unexpected, if I should file a bug? (and where)

Thank you.

--
Nicolas Ecarnot

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 04-25-2012, 12:35 PM
Nicolas Ecarnot
 
Default Setgid not preserved in GFS2 with ACL

[Sorry for cross-posting, but I sincerely don't know who's best to answer]

Hi,

Using many production Samba file servers on RHEL 5.6 for a while, we are
now finishing to setup a samba cluster on Ubuntu-server (oneiric) with
cman+clvm+GFS2+ctdb.


Like on our other samba setups, we are using ACLs and we set up the
setgid bit on our folders (chmod g+s folder), as well as default ACL.
The access rights are managed via the basic windows explorer security
tab and is working nicely.


But on this new GFS2, I observe that this is not working the same.

To make it short, the setgid bit gets lost when a user creates a subdir.

To be precise, here is what I'm observing :

My folder looks like this :

root@server:/foo/bar# getfacl .
# file: .
# owner: root
# group: adminsGroup
# flags: ss-
user::rwx
group::rwx
group:domainUsers:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:domainUsers:rwx
default:mask::rwx
defaultther::---

* When the user root runs 'mkdir rootDir', this directory correctly gets
the adequate rights, and it gets the setgid bit (allowing deeper
inheritance to keep working).


* When a non-root user belonging to the adminsGroup group runs 'mkdir
privDir', the directory also gain the same feature as above.


* When a basic non-root user belonging to the domainUsers group runs
'mkdir basicDir', it gets created (the ACL allows it) but the setgid bit
is *NOT* preserved.




My tests are showing that with ext3 and ext4, on the same server (and/or
on other systems), this behavior is different, and that the sgid bit is
preserved.


I have added the suiddir flag when mounting the GFS2 partition, but this
does not improve anything.



May someone tell me :
- if this new behavior is faulty or expected?
- if these mailing-lists are the best place to ask such questions?
(ubuntu-server@lists.ubuntu.com + cluster-devel@redhat.com), and if
needed advice me a better place

- if this is unexpected, if I should file a bug? (and where)

Thank you.

--
Nicolas Ecarnot
 
Old 04-30-2012, 10:23 AM
Steven Whitehouse
 
Default Setgid not preserved in GFS2 with ACL

Hi,

On Wed, 2012-04-25 at 14:35 +0200, Nicolas Ecarnot wrote:
> [Sorry for cross-posting, but I sincerely don't know who's best to answer]
>
> Hi,
>
> Using many production Samba file servers on RHEL 5.6 for a while, we are
> now finishing to setup a samba cluster on Ubuntu-server (oneiric) with
> cman+clvm+GFS2+ctdb.
>
> Like on our other samba setups, we are using ACLs and we set up the
> setgid bit on our folders (chmod g+s folder), as well as default ACL.
> The access rights are managed via the basic windows explorer security
> tab and is working nicely.
>
> But on this new GFS2, I observe that this is not working the same.
>
> To make it short, the setgid bit gets lost when a user creates a subdir.
>
> To be precise, here is what I'm observing :
>
> My folder looks like this :
>
> root@server:/foo/bar# getfacl .
> # file: .
> # owner: root
> # group: adminsGroup
> # flags: ss-
> user::rwx
> group::rwx
> group:domainUsers:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:domainUsers:rwx
> default:mask::rwx
> defaultther::---
>
> * When the user root runs 'mkdir rootDir', this directory correctly gets
> the adequate rights, and it gets the setgid bit (allowing deeper
> inheritance to keep working).
>
> * When a non-root user belonging to the adminsGroup group runs 'mkdir
> privDir', the directory also gain the same feature as above.
>
> * When a basic non-root user belonging to the domainUsers group runs
> 'mkdir basicDir', it gets created (the ACL allows it) but the setgid bit
> is *NOT* preserved.
>
>
>
> My tests are showing that with ext3 and ext4, on the same server (and/or
> on other systems), this behavior is different, and that the sgid bit is
> preserved.
>
> I have added the suiddir flag when mounting the GFS2 partition, but this
> does not improve anything.
>
>
> May someone tell me :
> - if this new behavior is faulty or expected?
> - if these mailing-lists are the best place to ask such questions?
> (ubuntu-server@lists.ubuntu.com + cluster-devel@redhat.com), and if
> needed advice me a better place
> - if this is unexpected, if I should file a bug? (and where)
>
> Thank you.
>

It sounds like that might be a bug. If you can open a fedora rawhide
bug, assuming that you are not a Red Hat customer, at Red Hat's
bugzilla, then that will ensure that this doesn't get forgotten. Please
note exactly which kernel version(s) you are using and as much other
detail as possible.

Some other info which may help: Samba is supported on RHEL only in an
active/passive failover configuration, except on RHEL 6.2 and above
where it is supported in active/active.

If you are a Red Hat customer, then please report this issue via our
support team in the first instance.

Also, are you doing the tests when running as the same user on gfs2 and
ext3/4?

Steve.
 
Old 05-02-2012, 08:57 AM
Nicolas Ecarnot
 
Default Setgid not preserved in GFS2 with ACL

Hi Steve, hi all,

Thank you for your reply.

Le 30/04/2012 12:23, Steven Whitehouse a écrit :

It sounds like that might be a bug. If you can open a fedora rawhide
bug, assuming that you are not a Red Hat customer, at Red Hat's
bugzilla, then that will ensure that this doesn't get forgotten. Please
note exactly which kernel version(s) you are using and as much other
detail as possible.


We are Redhat customers and to track this bug, I created that :
https://access.redhat.com/support/cases/00634537
but I doubt this may be publicly accessible (according to what I
understand, *you* will be able to read it, but anyway, this is a Cc of
my primary mail). I will add details (kernel, gfs2 version, etc...)



Some other info which may help: Samba is supported on RHEL only in an
active/passive failover configuration, except on RHEL 6.2 and above
where it is supported in active/active.


Ambiguity for me is that here, I'm using Redhat products (ctdb, GFS2,
cman suite) on an Ubuntu server. But I sincerely doubt this makes a
difference : the issue here lies on GFS2 (I strongly suppose).



If you are a Red Hat customer, then please report this issue via our
support team in the first instance.

Also, are you doing the tests when running as the same user on gfs2 and
ext3/4?


Yes, this has been tested with the same users (root and bob).

PS : I am sincerely astonished this case has not been met before, as the
GFS2 with ACLs sounded to me quite common, but I may be wrong.


--
Nicolas Ecarnot

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 05-02-2012, 08:57 AM
Nicolas Ecarnot
 
Default Setgid not preserved in GFS2 with ACL

Hi Steve, hi all,

Thank you for your reply.

Le 30/04/2012 12:23, Steven Whitehouse a écrit :

It sounds like that might be a bug. If you can open a fedora rawhide
bug, assuming that you are not a Red Hat customer, at Red Hat's
bugzilla, then that will ensure that this doesn't get forgotten. Please
note exactly which kernel version(s) you are using and as much other
detail as possible.


We are Redhat customers and to track this bug, I created that :
https://access.redhat.com/support/cases/00634537
but I doubt this may be publicly accessible (according to what I
understand, *you* will be able to read it, but anyway, this is a Cc of
my primary mail). I will add details (kernel, gfs2 version, etc...)



Some other info which may help: Samba is supported on RHEL only in an
active/passive failover configuration, except on RHEL 6.2 and above
where it is supported in active/active.


Ambiguity for me is that here, I'm using Redhat products (ctdb, GFS2,
cman suite) on an Ubuntu server. But I sincerely doubt this makes a
difference : the issue here lies on GFS2 (I strongly suppose).



If you are a Red Hat customer, then please report this issue via our
support team in the first instance.

Also, are you doing the tests when running as the same user on gfs2 and
ext3/4?


Yes, this has been tested with the same users (root and bob).

PS : I am sincerely astonished this case has not been met before, as the
GFS2 with ACLs sounded to me quite common, but I may be wrong.


--
Nicolas Ecarnot
 
Old 05-02-2012, 03:06 PM
Nicolas Ecarnot
 
Default Setgid not preserved in GFS2 with ACL

Le 25/04/2012 14:35, Nicolas Ecarnot a écrit :

Like on our other samba setups, we are using ACLs and we set up the
setgid bit on our folders (chmod g+s folder), as well as default ACL.
The access rights are managed via the basic windows explorer security
tab and is working nicely.

But on this new GFS2, I observe that this is not working the same.

To make it short, the setgid bit gets lost when a user creates a subdir.
[...]
My tests are showing that with ext3 and ext4, on the same server (and/or
on other systems), this behavior is different, and that the sgid bit is
preserved.


Just for information :

Today's further testing in the exact same conditions are showing that an
OCFS2 partition is correctly preserving the SGID bit.


Regards,

--
Nicolas Ecarnot

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 05-02-2012, 03:06 PM
Nicolas Ecarnot
 
Default Setgid not preserved in GFS2 with ACL

Le 25/04/2012 14:35, Nicolas Ecarnot a écrit :

Like on our other samba setups, we are using ACLs and we set up the
setgid bit on our folders (chmod g+s folder), as well as default ACL.
The access rights are managed via the basic windows explorer security
tab and is working nicely.

But on this new GFS2, I observe that this is not working the same.

To make it short, the setgid bit gets lost when a user creates a subdir.
[...]
My tests are showing that with ext3 and ext4, on the same server (and/or
on other systems), this behavior is different, and that the sgid bit is
preserved.


Just for information :

Today's further testing in the exact same conditions are showing that an
OCFS2 partition is correctly preserving the SGID bit.


Regards,

--
Nicolas Ecarnot
 

Thread Tools




All times are GMT. The time now is 12:13 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org