Bug #3597
closedceph-fuse: denying root access
0%
Description
lxo: ceph-fuse also recently started denying root access to files that shouldn't be readable except for root superpowers. not sure whether that started with 0.55 or a fuse update though
Updated by Greg Farnum over 11 years ago
"denying root access"? You mean root can't read the files, but other people can? Or nobody can?
Either way this is really unlikely to be a Ceph thing, but I can't even imagine how FUSE proper would deny anything to root. :/
Updated by Sam Lang over 11 years ago
- Status changed from New to Can't reproduce
I don't see this behavior with fuse 2.9.0 and latest ceph. Does it happen only on some files? What are the permissions/ownership of those files?
Updated by Graham Hemingway over 11 years ago
I believe that we can reproduce this error. We are running Ubuntu 12.04 LTS Server on both the client and on the Ceph servers fully updated via apt-get. The client is an VM running in a Folsom OS cloud. The client user is the default Ubuntu user with sudo privileges. To reproduce we do the following:
1. Add ubuntu user to fuse group
sudo addgroup ubuntu fuse
2. Install latest Ceph-fuse client from testing https://raw.github.com/ceph/ceph/master/keys/release.asc | sudo apt-key add -
wget -q -O
echo deb http://ceph.com/debian-testing/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
sudo apt-get update && sudo apt-get install -y ceph-fuse
3. Create ceph config directory
sudo mkdir -p /etc/ceph
4. Create ceph.keyring with auth key
sudo nano /etc/ceph/ceph.keyring
> [client.admin]
> key = AQAKgt.....
5. Make a local directory for mounting
mkdir ~/data
6. Mount ceph
ceph-fuse -m 10.2.204.241:6789 ./data
7. Put some data in a file on ceph
echo "test" > ~/data/test_access.txt
8. See, it's there
ls l ~/data/test_access.txt 1 ubuntu ubuntu 5 Jan 3 10:00 /home/ubuntu/data/test_access.txt
-rw-rw-r-
9. Change the ownership so not everyone can read it
chmod o-r /data/test_access.txt
10. See if sudo can read it now
sudo more ~/data/test_access.txt
/home/ubuntu/data/test_access.txt: Permission denied
I believe that sudo should allow access to this file.
Updated by Greg Farnum over 11 years ago
Is root actually a member of the fuse group? If not that would be correct behavior.
Updated by Greg Farnum about 11 years ago
- Status changed from Can't reproduce to Resolved
Oh, this was a bug that got fixed in commit:d87035c0c4ff, included in v0.60.