<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 23, 2016 at 12:30 PM, Soumya Koduri <span dir="ltr"><<a href="mailto:skoduri@redhat.com" target="_blank">skoduri@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 09/23/2016 08:28 AM, Pranith Kumar Karampuri wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
hi,<br>
Jiffin found an interesting problem in posix xlator where we have<br>
never been using setfsuid/gid (<a href="http://review.gluster.org/#/c/15545/" rel="noreferrer" target="_blank">http://review.gluster.org/#/c<wbr>/15545/</a>),<br>
what I am seeing regressions after this is, if the files are created<br>
using non-root user then the file creation fails because that user<br>
doesn't have permissions to create the gfid-link. So it seems like the<br>
correct way forward for this patch is to write wrappers around<br>
sys_<syscall> to do setfsuid/gid do the actual operation requested and<br>
then set it back to old uid/gid and then do the internal operations. I<br>
am planning to write posix_sys_<syscall>() to do the same, may be a macro?.<br>
</blockquote>
<br></span>
Why not otherwise around? As in can we switch to superuser when required so that we know what all internal operations need root access and avoid misusing it.<br></blockquote><div><br></div><div>The thread should have the uid/gid of the frame->root->uid/gid only at the time of executing the syscall of open/mkdir/creat in posix xlator etc, rest of the time it shouldn't. So doing it this way.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Thanks,<br>
Soumya<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
I need inputs from you guys to let me know if I am on the right path<br>
and if you see any issues with this approach.<br>
<br>
--<br>
Pranith<br>
<br>
<br></span>
______________________________<wbr>_________________<br>
Gluster-devel mailing list<br>
<a href="mailto:Gluster-devel@gluster.org" target="_blank">Gluster-devel@gluster.org</a><br>
<a href="http://www.gluster.org/mailman/listinfo/gluster-devel" rel="noreferrer" target="_blank">http://www.gluster.org/mailman<wbr>/listinfo/gluster-devel</a><br>
<br>
</blockquote>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Pranith<br></div></div>
</div></div>