glusterfs.git/xlators/system, branch v3.2.5 Save the mode flags set by the application when ACLs are in use 2011-09-09T03:06:33+00:00 Pavan T C tcp@gluster.com 2011-09-09T02:52:34+00:00 5b4537c70ea46cea055240584d2af9da96359169 While inheriting the ACLs from a directory that has default ACLs, make sure that the mode flags set by the application are saved. It is required to inherit only the Read, Write and Execute permissions while leaving the others viz. setuid, setgid and sticky bit untouched hence honouring the requests made by the application during create operations (mknod, mkdir et al). For a description of the problem, root cause and evaluation, refer: http://bugs.gluster.com/show_bug.cgi?id=3522 Change-Id: I4d3758389327c1aa78a0ebde0079c855503a3dd7 BUG: 3522 Reviewed-on: http://review.gluster.com/379 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com> 
While inheriting the ACLs from a directory that has default ACLs, make sure
that the mode flags set by the application are saved. It is required to
inherit only the Read, Write and Execute permissions while leaving the others
viz. setuid, setgid and sticky bit untouched hence honouring the requests made
by the application during create operations (mknod, mkdir et al).

For a description of the problem, root cause and evaluation, refer:
http://bugs.gluster.com/show_bug.cgi?id=3522

Change-Id: I4d3758389327c1aa78a0ebde0079c855503a3dd7
BUG: 3522
Reviewed-on: http://review.gluster.com/379
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
posix-acl: disable permission checks for fd based ops 2011-08-11T05:07:08+00:00 Anand Avati avati@gluster.com 2011-08-10T17:41:36+00:00 465a3f701395eb2db2620c0d2c5d9eb110dce171 If write calls are coming in through an fd with O_RDWR or O_WRONLY flag then a permission check is unnecessary. However writes from NFS ideally need a "stateless" check in each call and this results in a permission failure due to the read-only mode (disregarding the FD's writeability). For now it is acceptable to disable write checks as almost always the NFS client would already be doing such basic access control. Also because the previous access-control translator (prior to posix ACL introduction) too was permitting writes and reads unconditionally. In fact the Linux KNFS server too assumes the NFS client would have done the permission check. Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba BUG: 3388 Reviewed-on: http://review.gluster.com/207 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com> 
If write calls are coming in through an fd with O_RDWR or O_WRONLY
flag then a permission check is unnecessary. However writes from
NFS ideally need a "stateless" check in each call and this results
in a permission failure due to the read-only mode (disregarding the
FD's writeability).

For now it is acceptable to disable write checks as almost always
the NFS client would already be doing such basic access control.
Also because the previous access-control translator (prior to
posix ACL introduction) too was permitting writes and reads
unconditionally.

In fact the Linux KNFS server too assumes the NFS client would have
done the permission check.

Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba
BUG: 3388
Reviewed-on: http://review.gluster.com/207
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
LICENSE: s/GNU Affero General Public/GNU General Public/ 2011-08-06T13:40:14+00:00 Pranith Kumar K pranithk@gluster.com 2011-08-06T08:40:58+00:00 56127b2a7c319d4edbadb76bbc7753b303f5b509 Change-Id: Ibf5f45431d7a55b70d7304649af652d6f25bb688 BUG: 3348 Reviewed-on: http://review.gluster.com/183 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com> 
Change-Id: Ibf5f45431d7a55b70d7304649af652d6f25bb688
BUG: 3348
Reviewed-on: http://review.gluster.com/183
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
posix-acl: perform access checks on read/write/truncate for NFS calls 2011-07-08T17:24:21+00:00 Anand Avati avati@gluster.com 2011-07-08T11:35:49+00:00 1b01b648944b8a55e09105cafdb9e28021e78574 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815 
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
access-control: Handle F_OK in perm check, and O_APPEND, O_TRUNC in open 2011-07-08T17:24:15+00:00 shishir gowda shishirng@gluster.com 2011-07-08T02:37:05+00:00 8236cf1775f5db918a951773628b35080fed1de1 Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
access-control: NFS access control expects a return of valid mode 2011-07-07T12:43:53+00:00 shishir gowda shishirng@gluster.com 2011-07-07T04:57:14+00:00 f935d0d25af51953919cc9a8732d0a545a5c3fbf The permission check is same as that of posix. We break the requests into single checks, aggregate all the valid modes and return in reply. Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3057 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 
The permission check is same as that of posix. We break the requests
into single checks, aggregate all the valid modes and return in reply.

Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>

BUG: 3057 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
access-control: Save group permissions returned from backend 2011-07-05T12:21:52+00:00 shishir gowda shishirng@gluster.com 2011-07-05T03:41:51+00:00 5c20eb3bbf870edadd22d06babb5d38dad222533 The backend permissions returned in stat for group is already masked value. Use the xattr value Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3102 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102 
The backend permissions returned in stat for group is already masked
value. Use the xattr value

Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>

BUG: 3102 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102
access-control: Return mode part of NFS access control request 2011-07-05T12:21:41+00:00 shishir gowda shishirng@gluster.com 2011-07-05T01:56:40+00:00 817fbc829cc71e323979315a8b718d188e45802c Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3057 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>

BUG: 3057 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
access-control: superseded by posix-acl translator 2011-07-01T22:58:38+00:00 Anand Avati avati@gluster.com 2011-07-01T16:55:29+00:00 a55c81deb1b519e732705d8305bb485fc3778f65 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815 
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
posix-acl: implementation of POSIX ACL as a translator 2011-07-01T22:58:32+00:00 Anand Avati avati@gluster.com 2011-07-01T16:55:18+00:00 3911634c7f4e8ed6eb61c27b596e88b0a69a3202 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815 
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815