diff options
authorAnand Avati <>2011-08-10 23:11:36 +0530
committerAnand Avati <>2011-08-10 22:07:08 -0700
commit465a3f701395eb2db2620c0d2c5d9eb110dce171 (patch)
parent92963fd0a09c912e6ababbcfe45d28ddebb0b645 (diff)
posix-acl: disable permission checks for fd based ops
If write calls are coming in through an fd with O_RDWR or O_WRONLY flag then a permission check is unnecessary. However writes from NFS ideally need a "stateless" check in each call and this results in a permission failure due to the read-only mode (disregarding the FD's writeability). For now it is acceptable to disable write checks as almost always the NFS client would already be doing such basic access control. Also because the previous access-control translator (prior to posix ACL introduction) too was permitting writes and reads unconditionally. In fact the Linux KNFS server too assumes the NFS client would have done the permission check. Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba BUG: 3388 Reviewed-on: Tested-by: Gluster Build System <> Reviewed-by: Anand Avati <>
1 files changed, 2 insertions, 0 deletions
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index 6526e6a..8648485 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -1904,8 +1904,10 @@ fini (xlator_t *this)
struct xlator_fops fops = {
.lookup = posix_acl_lookup,
.open = posix_acl_open,
.readv = posix_acl_readv,
.writev = posix_acl_writev,
.ftruncate = posix_acl_ftruncate,
.access = posix_acl_access,
.truncate = posix_acl_truncate,