summaryrefslogtreecommitdiffstats
path: root/glusterfsd
diff options
context:
space:
mode:
authorRaghavendra Bhat <raghavendra@redhat.com>2013-04-19 12:27:03 +0530
committerVijay Bellur <vbellur@redhat.com>2014-02-10 23:32:05 -0800
commit28209283a67f13802cc0c1d3df07c676926810a2 (patch)
tree5cf62085fa1a4bbc6d76eb1763f343c6116ea195 /glusterfsd
parent97ce783de326b51fcba65737f07db2c314d1e218 (diff)
protocol/server: do not do root-squashing for trusted clients
* As of now clients mounting within the storage pool using that machine's ip/hostname are trusted clients (i.e clients local to the glusterd). * Be careful when the request itself comes in as nfsnobody (ex: posix tests). So move the squashing part to protocol/server when it creates a new frame for the request, instead of auth part of rpc layer. * For nfs servers do root-squashing without checking if it is trusted client, as all the nfs servers would be running within the storage pool, hence will be trusted clients for the bricks. * Provide one more option for mounting which actually says root-squash should/should not happen. This value is given priority only for the trusted clients. For non trusted clients, the volume option takes the priority. But for trusted clients if root-squash should not happen, then they have to be mounted with root-squash=no option. (This is done because by default blocking root-squashing for the trusted clients will cause problems for smb and UFO clients for which the requests have to be squashed if the option is enabled). * For geo-replication and defrag clients do not do root-squashing. * Introduce a new option in open-behind for doing read after successful open. Change-Id: I8a8359840313dffc34824f3ea80a9c48375067f0 BUG: 954057 Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com> Reviewed-on: http://review.gluster.org/4863 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'glusterfsd')
-rw-r--r--glusterfsd/src/glusterfsd.c33
-rw-r--r--glusterfsd/src/glusterfsd.h1
2 files changed, 34 insertions, 0 deletions
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index 098a916..c47d2ca 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -192,6 +192,9 @@ static struct argp_option gf_options[] = {
"[default: 48]"},
{"client-pid", ARGP_CLIENT_PID_KEY, "PID", OPTION_HIDDEN,
"client will authenticate itself with process id PID to server"},
+ {"no-root-squash", ARGP_FUSE_NO_ROOT_SQUASH_KEY, "BOOL",
+ OPTION_ARG_OPTIONAL, "disable/enable root squashing for the trusted "
+ "client"},
{"user-map-root", ARGP_USER_MAP_ROOT_KEY, "USER", OPTION_HIDDEN,
"replace USER with root in messages"},
{"dump-fuse", ARGP_DUMP_FUSE_KEY, "PATH", 0,
@@ -467,6 +470,32 @@ set_fuse_mount_options (glusterfs_ctx_t *ctx, dict_t *options)
break;
}
+ switch (cmd_args->no_root_squash) {
+ case GF_OPTION_ENABLE: /* enable */
+ ret = dict_set_static_ptr (options, "no-root-squash",
+ "enable");
+ if (ret < 0) {
+ gf_log ("glusterfsd", GF_LOG_ERROR,
+ "failed to set 'enable' for key "
+ "no-root-squash");
+ goto err;
+ }
+ break;
+ case GF_OPTION_DISABLE: /* disable/default */
+ default:
+ ret = dict_set_static_ptr (options, "no-root-squash",
+ "disable");
+ if (ret < 0) {
+ gf_log ("glusterfsd", GF_LOG_ERROR,
+ "failed to set 'disable' for key "
+ "no-root-squash");
+ goto err;
+ }
+ gf_log ("", GF_LOG_DEBUG, "fuse no-root-squash mode %d",
+ cmd_args->no_root_squash);
+ break;
+ }
+
if (!cmd_args->no_daemon_mode) {
ret = dict_set_static_ptr (options, "sync-to-mount",
"enable");
@@ -900,6 +929,10 @@ parse_opts (int key, char *arg, struct argp_state *state)
"unknown direct I/O mode setting \"%s\"", arg);
break;
+ case ARGP_FUSE_NO_ROOT_SQUASH_KEY:
+ cmd_args->no_root_squash = _gf_true;
+ break;
+
case ARGP_ENTRY_TIMEOUT_KEY:
d = 0.0;
diff --git a/glusterfsd/src/glusterfsd.h b/glusterfsd/src/glusterfsd.h
index 9e2a0e5..ad4c369 100644
--- a/glusterfsd/src/glusterfsd.h
+++ b/glusterfsd/src/glusterfsd.h
@@ -84,6 +84,7 @@ enum argp_option_keys {
ARGP_FUSE_MOUNTOPTS_KEY = 164,
ARGP_FUSE_USE_READDIRP_KEY = 165,
ARGP_AUX_GFID_MOUNT_KEY = 166,
+ ARGP_FUSE_NO_ROOT_SQUASH_KEY = 167,
};
struct _gfd_vol_top_priv_t {