Why ACLs in Gluster Volumes Are not Working Correctly for Users with More Than 93 Groups Assigned?
Issue
In a Gluster configuration where the nodes are part of a Windows Active Domain setup, a volume is exported using CTDB Samba, and ACLs are enabled to grant additional permissions to a particular group.
[root@glusternode1 media ]# getfacl samba-volume/
# file: samba-volume/
# owner: root
# group: root
user::rwx
group::rwx
group:EXAMPLE\\group1:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:EXAMPLE\\group1:rwx
default:mask::rwx
default:other::---
In the example above, group EXAMPLE\\group1 has full rwx permissions for the volume.
User EXAMPLE\\user1, who belongs to EXAMPLE\\group1, gets Permission denied when trying to access the contents of this volume. The expected result is that this user has full access.
The Samba settings for this share are left at their defaults. The share definition from /etc/samba/smb.conf:
[samba-volume]
comment = For samba share of volume samba-volume
vfs objects = glusterfs
glusterfs:volume = samba-volume
glusterfs:logfile = /var/log/samba/glusterfs-samba-volume.%M.log
glusterfs:loglevel = 7
path = /
read only = no
inherit permissions = yes
inherit acls = yes
inherit owner = yes
This issue is not observed when a local Samba directory is created on any of the Gluster nodes.
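The check below is an added example, not part of the original article or of any Red Hat tool. It evaluates the access ACL shown above in the usual POSIX ACL order, to confirm that the ACL itself grants the access, and flags a user whose group count exceeds the 93 named in the title. The function names, the GROUP_LIMIT constant and the sample input are assumptions made for illustration.

```python
import re
GROUP_LIMIT = 93  # assumption: the threshold named in the article title
# Constructed sample: access and default entries as printed by getfacl in the article.
SAMPLE_ACL = r"""# owner: root
# group: root
user::rwx
group::rwx
group:EXAMPLE\\group1:rwx
mask::rwx
other::r-x
default:group:EXAMPLE\\group1:rwx
"""
ENTRY = re.compile(r"^(user|group|mask|other):([^:]*):([r-][w-][x-])")
META = re.compile(r"^# (owner|group): (.+)$")

def unescape(name):
    return name.replace("\\\\", "\\")  # getfacl prints one backslash as two

def parse_getfacl(text):
    """Return (meta, access entries); default: entries are skipped."""
    meta, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if (m := META.match(line)):
            meta[m.group(1)] = unescape(m.group(2))
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), unescape(m.group(2)), set(m.group(3)) - {"-"}))
    return meta, entries

def acl_allows(text, user, groups, want="rwx"):
    """POSIX ACL check order: owner, named user, group class (masked), other."""
    meta, entries = parse_getfacl(text)
    want = set(want)
    mask = next((p for t, _, p in entries if t == "mask"), set("rwx"))
    get = lambda tag, q: [p for t, name, p in entries if t == tag and name == q]
    if user == meta.get("owner"):
        return want <= get("user", "")[0]
    if get("user", user):
        return want <= (get("user", user)[0] & mask)
    matched = [p for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and meta.get("group") in groups))]
    if matched:
        return any(want <= (p & mask) for p in matched)
    return want <= get("other", "")[0]

def diagnose(text, user, groups):
    """ACL verdict plus whether the user's group count exceeds GROUP_LIMIT."""
    return {"acl_allows": acl_allows(text, user, groups),
            "group_count": len(groups), "over_limit": len(groups) > GROUP_LIMIT}
```

A result with acl_allows and over_limit both true matches the symptom described here: the ACL grants the access, yet the user is in more groups than the limit in the title.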
Environment
- Red Hat Gluster Storage
- Gluster nodes under a Windows Active Domain, with a volume exported using CTDB Samba and ACLs granting additional permissions to a group.
