From 5ce1b5c357d490f68ae89bfd3ce31326a81a1183 Mon Sep 17 00:00:00 2001 From: Anand Avati Date: Wed, 10 Aug 2011 23:11:36 +0530 Subject: posix-acl: disable permission checks for fd based ops If write calls are coming in through an fd with O_RDWR or O_WRONLY flag then a permission check is unnecessary. However writes from NFS ideally need a "stateless" check in each call and this results in a permission failure due to the read-only mode (disregarding the FD's writeability). For now it is acceptable to disable write checks as almost always the NFS client would already be doing such basic access control. Also because the previous access-control translator (prior to posix ACL introduction) too was permitting writes and reads unconditionally. In fact the Linux KNFS server too assumes the NFS client would have done the permission check. Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba BUG: 3388 Reviewed-on: http://review.gluster.com/208 Tested-by: Gluster Build System Reviewed-by: Anand Avati --- xlators/system/posix-acl/src/posix-acl.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'xlators/system/posix-acl') diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c index 6526e6a6..8648485c 100644 --- a/xlators/system/posix-acl/src/posix-acl.c +++ b/xlators/system/posix-acl/src/posix-acl.c @@ -1904,8 +1904,10 @@ fini (xlator_t *this) struct xlator_fops fops = { .lookup = posix_acl_lookup, .open = posix_acl_open, +#if FD_MODE_CHECK_IS_IMPLEMENTED .readv = posix_acl_readv, .writev = posix_acl_writev, +#endif .ftruncate = posix_acl_ftruncate, .access = posix_acl_access, .truncate = posix_acl_truncate, -- cgit