From: Nicolas Ecarnot <nicolas@ecarnot.net>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] Setgid not preserved in GFS2 with ACL
Date: Wed, 25 Apr 2012 14:35:49 +0200
Message-ID: <4F97EFA5.20605@ecarnot.net>

[Sorry for cross-posting, but I sincerely don't know who's best to answer]

Hi,

Having used many production Samba file servers on RHEL 5.6 for a while, we are 
now finishing setting up a Samba cluster on Ubuntu-server (oneiric) with 
cman+clvm+GFS2+ctdb.

Like on our other Samba setups, we are using ACLs and we set up the 
setgid bit on our folders (chmod g+s folder), as well as default ACLs.
The access rights are managed via the basic Windows Explorer security 
tab and this is working nicely.

But on this new GFS2, I observe that this is not working the same.

To make it short, the setgid bit gets lost when a user creates a subdir.

To be precise, here is what I'm observing:

My folder looks like this:

root@server:/foo/bar# getfacl .
# file: .
# owner: root
# group: adminsGroup
# flags: ss-
user::rwx
group::rwx
group:domainUsers:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:domainUsers:rwx
default:mask::rwx
default:other::---

* When the user root runs 'mkdir rootDir', this directory correctly gets 
the adequate rights, and it gets the setgid bit (allowing deeper 
inheritance to keep working).

* When a non-root user belonging to the adminsGroup group runs 'mkdir 
privDir', the directory also gains the same feature as above.

* When a basic non-root user belonging to the domainUsers group runs 
'mkdir basicDir', it gets created (the ACL allows it) but the setgid bit 
is *NOT* preserved.



My tests are showing that with ext3 and ext4, on the same server (and/or 
on other systems), this behavior is different, and that the sgid bit is 
preserved.

I have added the suiddir flag when mounting the GFS2 partition, but this 
does not improve anything.


Could someone tell me:
- if this new behavior is faulty or expected?
- if these mailing lists are the best place to ask such questions? 
(ubuntu-server@lists.ubuntu.com + cluster-devel@redhat.com), and if 
needed advise me of a better place
- if this is unexpected, if I should file a bug? (and where)

Thank you.

-- 
Nicolas Ecarnot
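
An added example, not part of the original message: a small audit that finds directories which did not inherit the setgid bit from a setgid parent, which is the symptom reported above for 'mkdir basicDir'. The function names and the modes in SAMPLE are constructed for illustration; only the directory names come from the report.

```python
import os
import stat
import sys


def collect_dir_modes(root):
    """Map every directory under root (root included) to its st_mode."""
    root = os.path.abspath(root)  # drop any trailing slash so parent lookups match
    modes = {root: os.lstat(root).st_mode}
    for parent, dirs, _files in os.walk(root):
        for name in dirs:
            path = os.path.join(parent, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):  # skip symlinks that point at directories
                modes[path] = st.st_mode
    return modes


def broken_setgid_inheritance(modes):
    """Return directories lacking setgid whose parent directory has it."""
    broken = []
    for path, mode in modes.items():
        parent_mode = modes.get(os.path.dirname(path))
        if parent_mode is None:
            continue  # top of the scanned tree: no parent to compare with
        if parent_mode & stat.S_ISGID and not mode & stat.S_ISGID:
            broken.append(path)
    return sorted(broken)


# Constructed sample: three subdirectories created under a setgid parent,
# one of which lost the bit. Modes are illustrative, not taken from the report.
SAMPLE = {
    "/foo/bar": 0o42770,
    "/foo/bar/rootDir": 0o42770,
    "/foo/bar/privDir": 0o42770,
    "/foo/bar/basicDir": 0o40770,
    "/foo/bar/basicDir/deeper": 0o40770,
}

if __name__ == "__main__":
    # With a path argument, scan that tree; otherwise use the constructed sample.
    tree = collect_dir_modes(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for path in broken_setgid_inheritance(tree):
        print("setgid not inherited:", path)
```

Only the first directory where inheritance breaks is reported; directories below it have a non-setgid parent, so fixing the reported one and re-running shows whether anything deeper still needs attention.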