Hello,
on our cluster where we have Scientific Linux 5.4 (64-bit, kernel
2.6.18-164.11.1) and Lustre 1.8.2
we are experiencing problem with setting of default ACLs.
According to rules, newly created files and directories in the directory
with a default ACLs set, get
permissions of the parent directory, thus ignoring the value of umask.
As we have checked this is really the case on Linux with ext3, but we
can not make this working in Lustre.
Here is an example.
On ACL enabled linux (Ubuntu Lucid,32-bit, kernel
2.6.32-21-generic-pae):
> mkdir noalc
> mkdir acl
> setfacl -d --set u::rwx,g::rx,g:atlas:rwx acl
> getfacl -c acl
default:user::rwx
default:group::r-x
default:group:atlas:rwx
default:mask::rwx
> umask 0777
> mkdir noacl/dir
> ls -l noacl
d--------- 2 root root .... dir
> mkdir acl/dir
> getfacl -a acl/dir
user::rwx
group::r-x
group:atlas:rwx
mask::rwx
So, here everything is okay.
But, on Lustre the last command above looks as follows
> getfacl --access --omit-header acl/dir
user::---
group::r-x #effective:---
group:atlas:rwx #effective:---
mask::---
So, the value of umask is not ignored.
Does somebody else experience the same problem?
What could be wrong in our lustre setup? As usually ACL on MDS is
enabled by mount -o acl..
The same problem is in lustre 1.6.6. Thank you very much for any help!
Best wishes, Gizo Nanava
Hello,
some time ago i have ask the question about *default* acl problem
is lustre, but have not got any answer yer.
could you please someone give me this one bit of info. it is very simple
if you already have this lustre installed.
we are using it in large prod. site.. and are interested if that is our
fault or not.. Thanks!
GN
On 05/14/2010 11:20 AM, Gizo Nanava wrote:> Hello,
>
> on our cluster where we have Scientific Linux 5.4 (64-bit, kernel
> 2.6.18-164.11.1) and Lustre 1.8.2
> we are experiencing problem with setting of default ACLs.
>
> According to rules, newly created files and directories in the
> directory with a default ACLs set, get
> permissions of the parent directory, thus ignoring the value of umask.
> As we have checked this is really the case on Linux with ext3, but we
> can not make this working in Lustre.
>
> Here is an example.
>
> On ACL enabled linux (Ubuntu Lucid,32-bit, kernel
> 2.6.32-21-generic-pae):
>
> > mkdir noalc
> > mkdir acl
> > setfacl -d --set u::rwx,g::rx,g:atlas:rwx acl
> > getfacl -c acl
> default:user::rwx
> default:group::r-x
> default:group:atlas:rwx
> default:mask::rwx
>
> > umask 0777
> > mkdir noacl/dir
> > ls -l noacl
> d--------- 2 root root .... dir
>
> > mkdir acl/dir
> > getfacl -a acl/dir
> user::rwx
> group::r-x
> group:atlas:rwx
> mask::rwx
>
> So, here everything is okay.
>
> But, on Lustre the last command above looks as follows
> > getfacl --access --omit-header acl/dir
> user::---
> group::r-x #effective:---
> group:atlas:rwx #effective:---
> mask::---
>
> So, the value of umask is not ignored.
>
> Does somebody else experience the same problem?
> What could be wrong in our lustre setup? As usually ACL on MDS is
> enabled by mount -o acl..
> The same problem is in lustre 1.6.6. Thank you very much for any help!
>
> Best wishes, Gizo Nanava
>
Giacinto Donvito
2010-May-19 18:03 UTC
[Lustre-discuss] Problem with Lustre and default ACL
Hi Gizo, we have lustre 1.8.x in production with ACLs enabled and we use them a lot indeed. I''m experiencing the same behaviour that you mention here. Why is this a problem? Cheers, Giacinto ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Giacinto Donvito LIBI -- EGEE2 SA1 INFN - Bari ITALY ------------------------------------------------------------------ giacinto.donvito at ba.infn.it | GTalk/GMail: donvito.giacinto at gmail.com tel. +39 080 5443244 Fax +39 0805442470 VOIP: +41225481596 | MSN: donvito.giacinto at hotmail.it Skype: giacinto_it | AIM/iChat: gdonvito1 | Yahoo: eric1_it ------------------------------------------------------------------ "A simple design always takes less time to finish than a complex one. So always do the simplest thing that could possibly work." Don Wells at www.extremeprogramming.org On Wed, May 19, 2010 at 19:57, Gizo Nanava <nanava at physik.uni-bonn.de>wrote:> > Hello, > > some time ago i have ask the question about *default* acl problem > is lustre, but have not got any answer yer. > could you please someone give me this one bit of info. it is very simple > if you already have this lustre installed. > we are using it in large prod. site.. and are interested if that is our > fault or not.. Thanks! > > GN > > > On 05/14/2010 11:20 AM, Gizo Nanava wrote: > > Hello, > > > > on our cluster where we have Scientific Linux 5.4 (64-bit, kernel > > 2.6.18-164.11.1) and Lustre 1.8.2 > > we are experiencing problem with setting of default ACLs. > > > > According to rules, newly created files and directories in the > > directory with a default ACLs set, get > > permissions of the parent directory, thus ignoring the value of umask. > > As we have checked this is really the case on Linux with ext3, but we > > can not make this working in Lustre. > > > > Here is an example. > > > > On ACL enabled linux (Ubuntu Lucid,32-bit, kernel > > 2.6.32-21-generic-pae): > > > > > mkdir noalc > > > mkdir acl > > > setfacl -d --set u::rwx,g::rx,g:atlas:rwx acl > > > getfacl -c acl > > default:user::rwx > > default:group::r-x > > default:group:atlas:rwx > > default:mask::rwx > > > > > umask 0777 > > > mkdir noacl/dir > > > ls -l noacl > > d--------- 2 root root .... dir > > > > > mkdir acl/dir > > > getfacl -a acl/dir > > user::rwx > > group::r-x > > group:atlas:rwx > > mask::rwx > > > > So, here everything is okay. > > > > But, on Lustre the last command above looks as follows > > > getfacl --access --omit-header acl/dir > > user::--- > > group::r-x #effective:--- > > group:atlas:rwx #effective:--- > > mask::--- > > > > So, the value of umask is not ignored. > > > > Does somebody else experience the same problem? > > What could be wrong in our lustre setup? As usually ACL on MDS is > > enabled by mount -o acl.. > > The same problem is in lustre 1.6.6. Thank you very much for any help! > > > > Best wishes, Gizo Nanava > > > > _______________________________________________ > Lustre-discuss mailing list > Lustre-discuss at lists.lustre.org > http://lists.lustre.org/mailman/listinfo/lustre-discuss >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.lustre.org/pipermail/lustre-discuss/attachments/20100519/09af9a06/attachment.html
Hello,
thank you very much for the answer. We are at least happy that
it not caused by our setup.
It is pitty that lustre does not work as it should according to its
documentation.
The problem is that a directory permissions created by a user
depends on umask setting of the user.
Probably there is no way not to allow users change their umask from some
fixed properly tunned value.
For now we have some workaround, but we would prefer as it is described
in docs.
Will this be fixed in the further lustre versions, or this is how it
should work?
Thank you. Gizo
On 05/19/2010 08:03 PM, Giacinto Donvito wrote:> Hi Gizo,
>
> we have lustre 1.8.x in production with ACLs enabled and we use them a
> lot indeed.
>
> I''m experiencing the same behaviour that you mention here.
>
> Why is this a problem?
>
> Cheers,
> Giacinto
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Giacinto Donvito LIBI -- EGEE2 SA1 INFN - Bari ITALY
> ------------------------------------------------------------------
> giacinto.donvito at ba.infn.it <mailto:giacinto.donvito at
ba.infn.it>
> | GTalk/GMail: donvito.giacinto at gmail.com
> <mailto:donvito.giacinto at gmail.com>
> tel. +39 080 5443244 Fax +39 0805442470 VOIP: +41225481596 |
> MSN: donvito.giacinto at hotmail.it <mailto:donvito.giacinto at
hotmail.it>
> Skype: giacinto_it | AIM/iChat: gdonvito1 | Yahoo: eric1_it
> ------------------------------------------------------------------
> "A simple design always takes less time to finish than a complex one.
> So always do the simplest thing that could possibly work."
> Don Wells at www.extremeprogramming.org
> <mailto:Wells at www.extremeprogramming.org>
>
>
>
> On Wed, May 19, 2010 at 19:57, Gizo Nanava <nanava at physik.uni-bonn.de
> <mailto:nanava at physik.uni-bonn.de>> wrote:
>
>
> Hello,
>
> some time ago i have ask the question about *default* acl problem
> is lustre, but have not got any answer yer.
> could you please someone give me this one bit of info. it is very
> simple
> if you already have this lustre installed.
> we are using it in large prod. site.. and are interested if that
> is our
> fault or not.. Thanks!
>
> GN
>
>
> On 05/14/2010 11:20 AM, Gizo Nanava wrote:
> > Hello,
> >
> > on our cluster where we have Scientific Linux 5.4 (64-bit,
kernel
> > 2.6.18-164.11.1) and Lustre 1.8.2
> > we are experiencing problem with setting of default ACLs.
> >
> > According to rules, newly created files and directories in the
> > directory with a default ACLs set, get
> > permissions of the parent directory, thus ignoring the value of
> umask.
> > As we have checked this is really the case on Linux with ext3,
> but we
> > can not make this working in Lustre.
> >
> > Here is an example.
> >
> > On ACL enabled linux (Ubuntu Lucid,32-bit, kernel
> > 2.6.32-21-generic-pae):
> >
> > > mkdir noalc
> > > mkdir acl
> > > setfacl -d --set u::rwx,g::rx,g:atlas:rwx acl
> > > getfacl -c acl
> > default:user::rwx
> > default:group::r-x
> > default:group:atlas:rwx
> > default:mask::rwx
> >
> > > umask 0777
> > > mkdir noacl/dir
> > > ls -l noacl
> > d--------- 2 root root .... dir
> >
> > > mkdir acl/dir
> > > getfacl -a acl/dir
> > user::rwx
> > group::r-x
> > group:atlas:rwx
> > mask::rwx
> >
> > So, here everything is okay.
> >
> > But, on Lustre the last command above looks as follows
> > > getfacl --access --omit-header acl/dir
> > user::---
> > group::r-x #effective:---
> > group:atlas:rwx #effective:---
> > mask::---
> >
> > So, the value of umask is not ignored.
> >
> > Does somebody else experience the same problem?
> > What could be wrong in our lustre setup? As usually ACL on MDS is
> > enabled by mount -o acl..
> > The same problem is in lustre 1.6.6. Thank you very much for any
> help!
> >
> > Best wishes, Gizo Nanava
> >
>
> _______________________________________________
> Lustre-discuss mailing list
> Lustre-discuss at lists.lustre.org
> <mailto:Lustre-discuss at lists.lustre.org>
> http://lists.lustre.org/mailman/listinfo/lustre-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.lustre.org/pipermail/lustre-discuss/attachments/20100519/d129cf0b/attachment-0001.html
On 2010-05-19, at 11:57, Gizo Nanava wrote:> some time ago i have ask the question about *default* acl problem > is lustre, but have not got any answer yer. > could you please someone give me this one bit of info. it is very simple > if you already have this lustre installed. > we are using it in large prod. site.. and are interested if that is our > fault or not.. Thanks!It seems entirely possible that this is a bug in Lustre. We run a set of ACL tests that are based on the upstream ACL tools regression tests. It doesn''t seem that there are any tests with umask 0777, so it may be that we have a problem somewhere handling the umask. Please file a bug. If you include a test script with the expected behaviour, per the style of the other ACL tests in lustre/tests/acl/*.test it would be appreciated.> On 05/14/2010 11:20 AM, Gizo Nanava wrote: >> Hello, >> >> on our cluster where we have Scientific Linux 5.4 (64-bit, kernel >> 2.6.18-164.11.1) and Lustre 1.8.2 >> we are experiencing problem with setting of default ACLs. >> >> According to rules, newly created files and directories in the >> directory with a default ACLs set, get >> permissions of the parent directory, thus ignoring the value of umask. >> As we have checked this is really the case on Linux with ext3, but we >> can not make this working in Lustre. >> >> Here is an example. >> >> On ACL enabled linux (Ubuntu Lucid,32-bit, kernel >> 2.6.32-21-generic-pae): >> >>> mkdir noalc >>> mkdir acl >>> setfacl -d --set u::rwx,g::rx,g:atlas:rwx acl >>> getfacl -c acl >> default:user::rwx >> default:group::r-x >> default:group:atlas:rwx >> default:mask::rwx >> >>> umask 0777 >>> mkdir noacl/dir >>> ls -l noacl >> d--------- 2 root root .... dir >> >>> mkdir acl/dir >>> getfacl -a acl/dir >> user::rwx >> group::r-x >> group:atlas:rwx >> mask::rwx >> >> So, here everything is okay. >> >> But, on Lustre the last command above looks as follows >>> getfacl --access --omit-header acl/dir >> user::--- >> group::r-x #effective:--- >> group:atlas:rwx #effective:--- >> mask::--- >> >> So, the value of umask is not ignored. >> >> Does somebody else experience the same problem? >> What could be wrong in our lustre setup? As usually ACL on MDS is >> enabled by mount -o acl.. >> The same problem is in lustre 1.6.6. Thank you very much for any help! >> >> Best wishes, Gizo Nanava >> > > _______________________________________________ > Lustre-discuss mailing list > Lustre-discuss at lists.lustre.org > http://lists.lustre.org/mailman/listinfo/lustre-discussCheers, Andreas -- Andreas Dilger Lustre Technical Lead Oracle Corporation Canada Inc.