diff options
| author | Anand Avati <avati@gluster.com> | 2011-08-10 23:11:36 +0530 | 
|---|---|---|
| committer | Anand Avati <avati@gluster.com> | 2011-08-10 22:06:56 -0700 | 
| commit | 5ce1b5c357d490f68ae89bfd3ce31326a81a1183 (patch) | |
| tree | 2705025ee5bdd3a33d14ab1d8fc13ff787b482eb | |
| parent | b58dc65f2ac305056a25a2177cee9a03cd1bdca2 (diff) | |
posix-acl: disable permission checks for fd based ops
If write calls are coming in through an fd with O_RDWR or O_WRONLY
flag then a permission check is unnecessary. However writes from
NFS ideally need a "stateless" check in each call and this results
in a permission failure due to the read-only mode (disregarding the
FD's writeability).
For now it is acceptable to disable write checks as almost always
the NFS client would already be doing such basic access control.
Also because the previous access-control translator (prior to
posix ACL introduction) too was permitting writes and reads
unconditionally.
In fact the Linux KNFS server too assumes the NFS client would have
done the permission check.
Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba
BUG: 3388
Reviewed-on: http://review.gluster.com/208
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
| -rw-r--r-- | xlators/system/posix-acl/src/posix-acl.c | 2 | 
1 files changed, 2 insertions, 0 deletions
| diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c index 6526e6a6438..8648485cf79 100644 --- a/xlators/system/posix-acl/src/posix-acl.c +++ b/xlators/system/posix-acl/src/posix-acl.c @@ -1904,8 +1904,10 @@ fini (xlator_t *this)  struct xlator_fops fops = {          .lookup           = posix_acl_lookup,          .open             = posix_acl_open, +#if FD_MODE_CHECK_IS_IMPLEMENTED          .readv            = posix_acl_readv,          .writev           = posix_acl_writev, +#endif          .ftruncate        = posix_acl_ftruncate,          .access           = posix_acl_access,          .truncate         = posix_acl_truncate, | 
