Why Are ACLs in Gluster Volumes Not Working Correctly for Users with More Than 93 Groups Assigned?

Solution Verified

Issue

  • In a Gluster configuration where the nodes are joined to a Windows Active Directory (AD) domain, a volume is exported using Samba, and ACLs are enabled to grant additional permissions to a particular group:

    [root@glusternode1 media ]# getfacl samba-volume/
    # file: samba-volume/
    # owner: root
    # group: root
    user::rwx
    group::rwx
    group:EXAMPLE\\group1:rwx
    mask::rwx
    other::r-x
    default:user::rwx
    default:group::rwx
    default:group:EXAMPLE\\group1:rwx
    default:mask::rwx
    default:other::---
    
  • In the example above, group EXAMPLE\\group1 has full rwx permissions on the volume.

  • The user EXAMPLE\\user1, who belongs to EXAMPLE\\group1, gets Permission denied when trying to access the contents of this volume. The expected result is that this user has full access.

  • The Samba settings for this share are the defaults. From /etc/samba/smb.conf:

    [samba-volume]
    comment = For samba share of volume samba-volume
    vfs objects = glusterfs
    glusterfs:volume = samba-volume
    glusterfs:logfile = /var/log/samba/glusterfs-samba-volume.%M.log
    glusterfs:loglevel = 7
    path = /
    read only = no
    inherit permissions = yes
    inherit acls = yes
    inherit owner = yes
    
  • The issue is not observed when a local Samba directory is created on any of the Gluster nodes.
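
To check whether a node matches this symptom, the following added example (not part of the original article or of any Red Hat tooling) evaluates the access ACL shown above with the standard POSIX ACL check and reports whether the user's group count exceeds the 93 named in the title. The group list is constructed; on a node it would come from `id -Gn`, with names spelled exactly as in the getfacl output.

```python
GROUP_LIMIT = 93  # group count named in this article's title
# Access ACL copied from the getfacl output in this article.
SAMPLE_ACL = r"""# file: samba-volume/
# owner: root
# group: root
user::rwx
group::rwx
group:EXAMPLE\\group1:rwx
mask::rwx
other::r-x
default:group:EXAMPLE\\group1:rwx
"""

def parse_acl(text):
    """Return (header, entries) from getfacl text; default: entries are skipped."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and ": " in line:
            key, value = line[2:].split(": ", 1)
            header[key] = value
        elif line and not line.startswith(("#", "default:")):
            tag, name, perms = line.split("#")[0].strip().rsplit(":", 2)
            entries.append((tag, name, set(perms) - {"-"}))
    return header, entries

def access_expected(acl_text, user, groups, want="rwx"):
    """POSIX.1e access check: owner, named user, groups (masked), then other."""
    header, entries = parse_acl(acl_text)
    want = set(want)
    find = lambda tag, name="": [p for t, n, p in entries if (t, n) == (tag, name)]
    mask = (find("mask") or [set("rwx")])[0]
    if user == header.get("owner"):
        return want <= find("user")[0]
    if find("user", user):
        return want <= (find("user", user)[0] & mask)
    matched = [p for t, n, p in entries if t == "group"
               and (n in groups or (n == "" and header.get("group") in groups))]
    if matched:  # one matching group entry must grant everything requested
        return any(want <= (p & mask) for p in matched)
    return want <= find("other")[0]

def diagnose(acl_text, user, groups):
    """Return (expected_access, over_limit) for comparison with what the user sees."""
    return access_expected(acl_text, user, groups), len(groups) > GROUP_LIMIT

if __name__ == "__main__":
    # Constructed membership: 99 filler groups plus the group named in the ACL.
    groups = [rf"EXAMPLE\\filler{i}" for i in range(99)] + [r"EXAMPLE\\group1"]
    print(diagnose(SAMPLE_ACL, r"EXAMPLE\\user1", groups))
```

A result of `(True, True)` combined with an actual Permission denied on the share is the combination this article describes.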

Environment

  • Red Hat Gluster Storage 3.x
  • Gluster nodes joined to Windows AD, with volumes exported using CTDB and Samba, and ACLs set up to grant additional permissions to a group.
