Copied file inherits the parent directory's Unix permissions
Applies to
NFSv4
Issue
- A copied file inherits the parent directory's Unix permissions
- Volume security style: Unix
- Unix mode bits: 777
- This behavior only happens from a specific NFS client
- This behavior only happens when NFSv4 is used for mounting.
- In a normal copy operation, the client also includes Mode in the Attr mask when sending the SETATTR request to the storage system:
Client umask: 000

[root@centos-6 home]# ls -l
-rw-rw-rw-. 1 nobody nobody 0 May 1 17:29 ff1
[root@centos-6 home]#
[root@centos-6 home]# cp ff1 ff3
[root@centos-6 home]#
[root@centos-6 home]# ls -l
-rw-rw-rw-. 1 nobody nobody 0 May 1 17:29 ff1
-rw-rw-rw-. 1 nobody nobody 0 May 1 17:46 ff3

39 2023-05-01 17:46:00.956723 client_IP 727 storage_IP 2049 NFS V4 Call (Reply In 40) SETATTR FH: 0x934f8420
Opcode: PUTFH (22)
FileHandle
length: 32
[hash (CRC-32): 0x934f8420]
[Name: ff3]
[Full Name: ff3]
FileHandle: 010100000000000000000000a0050000103bc406e08f3a800000000000000000
Opcode: SETATTR (34)
StateID
[StateID Hash: 0xafa9]
StateID seqid: 0
StateID Other: 000000000000000000000000
[StateID Other hash: 0x7bd5c66f]
Attr mask: 0x00410002 (Mode, Time_Access_Set, Time_Modify_Set)
reco_attr: Mode (33)
mode: 0666, Name: Unknown, Read permission for owner, Write permission for owner, Read permission for group, Write permission for group, Read permission for others, Write permission for others
.... .... .... .... 000. .... .... .... = Name: Unknown (0)
.... .... .... .... .... 0... .... .... = Set user id on exec: No
.... .... .... .... .... .0.. .... .... = Set group id on exec: No
.... .... .... .... .... ..0. .... .... = Save swapped text even after use: No
.... .... .... .... .... ...1 .... .... = Read permission for owner: Yes
.... .... .... .... .... .... 1... .... = Write permission for owner: Yes
.... .... .... .... .... .... .0.. .... = Execute permission for owner: No
.... .... .... .... .... .... ..1. .... = Read permission for group: Yes
.... .... .... .... .... .... ...1 .... = Write permission for group: Yes
.... .... .... .... .... .... .... 0... = Execute permission for group: No
.... .... .... .... .... .... .... .1.. = Read permission for others: Yes
.... .... .... .... .... .... .... ..1. = Write permission for others: Yes
.... .... .... .... .... .... .... ...0 = Execute permission for others: No
reco_attr: Time_Access_Set (48)
set_it: SET_TO_SERVER_TIME4 (0)
reco_attr: Time_Modify_Set (54)
set_it: SET_TO_SERVER_TIME4 (0)

40 2023-05-01 17:46:00.957332 storage_IP 2049 client_IP 727 NFS V4 Reply (Call In 39) SETATTR
Opcode: GETATTR (9)
reco_attr: Mode (33)
mode: 0666, Name: Unknown, Read permission for owner, Write permission for owner, Read permission for group, Write permission for group, Read permission for others, Write permission for others
.... .... .... .... 000. .... .... .... = Name: Unknown (0)
.... .... .... .... .... 0... .... .... = Set user id on exec: No
.... .... .... .... .... .0.. .... .... = Set group id on exec: No
.... .... .... .... .... ..0. .... .... = Save swapped text even after use: No
.... .... .... .... .... ...1 .... .... = Read permission for owner: Yes
.... .... .... .... .... .... 1... .... = Write permission for owner: Yes
.... .... .... .... .... .... .0.. .... = Execute permission for owner: No
.... .... .... .... .... .... ..1. .... = Read permission for group: Yes
.... .... .... .... .... .... ...1 .... = Write permission for group: Yes
.... .... .... .... .... .... .... 0... = Execute permission for group: No
.... .... .... .... .... .... .... .1.. = Read permission for others: Yes
.... .... .... .... .... .... .... ..1. = Write permission for others: Yes
.... .... .... .... .... .... .... ...0 = Execute permission for others: No

- In this special case, the client does not include Mode in the Attr mask when sending the SETATTR request to the storage system. The storage system then sets the permissions of the newly created file b.txt according to the Unix mode bits of 777.
Client umask: 022

[root@test home]# ls -al /mnt/home
total 4
drwxrwxrwx 2 nobody nobody 4096 Apr 29 14:05 .
drwxr-xr-x. 3 root root 17 Apr 28 14:52 ..
-rw-r--r-- 1 nobody nobody 0 Apr 29 14:05 a.txt
[root@test home]#
[root@test home]# cp a.txt b.txt
[root@test home]#
[root@test home]# ls -al /mnt/home
total 4
drwxrwxrwx 2 nobody nobody 4096 Apr 29 14:06 .
drwxr-xr-x. 3 root root 17 Apr 28 14:52 ..
-rw-r--r-- 1 nobody nobody 0 Apr 29 14:05 a.txt
-rwxrwxrwx 1 nobody nobody 0 Apr 29 14:06 b.txt

88 2023-05-02 14:53:31.199089 client_IP 851 storage_IP 2049 NFS V4 Call (Reply In 89) SETATTR FH: 0x0d291f7e
Opcode: PUTFH (22)
FileHandle
length: 32
[hash (CRC-32): 0x0d291f7e]
[Name: b.txt]
[Full Name: b.txt]
FileHandle: 0101000000000000000000008b190000cce2b40afe7230800000000000000000
Opcode: SETATTR (34)
StateID
[StateID Hash: 0xafa9]
StateID seqid: 0
StateID Other: 000000000000000000000000
[StateID Other hash: 0x7bd5c66f]
Attr mask: 0x00010000 (Time_Access_Set)
reco_attr: Time_Access_Set (48)
set_it: SET_TO_SERVER_TIME4 (0)

89 2023-05-02 14:53:31.199289 storage_IP 2049 client_IP 851 NFS V4 Reply (Call In 88) SETATTR
Opcode: GETATTR (9)
reco_attr: Mode (33)
mode: 0777, Name: Unknown, Read permission for owner, Write permission for owner, Execute permission for owner, Read permission for group, Write permission for group, Execute permission for group, Read permission for others, Write permissi
.... .... .... .... 000. .... .... .... = Name: Unknown (0)
.... .... .... .... .... 0... .... .... = Set user id on exec: No
.... .... .... .... .... .0.. .... .... = Set group id on exec: No
.... .... .... .... .... ..0. .... .... = Save swapped text even after use: No
.... .... .... .... .... ...1 .... .... = Read permission for owner: Yes
.... .... .... .... .... .... 1... .... = Write permission for owner: Yes
.... .... .... .... .... .... .1.. .... = Execute permission for owner: Yes
.... .... .... .... .... .... ..1. .... = Read permission for group: Yes
.... .... .... .... .... .... ...1 .... = Write permission for group: Yes
.... .... .... .... .... .... .... 1... = Execute permission for group: Yes
.... .... .... .... .... .... .... .1.. = Read permission for others: Yes
.... .... .... .... .... .... .... ..1. = Write permission for others: Yes
.... .... .... .... .... .... .... ...1 = Execute permission for others: Yes
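
Added example (not part of the original article or any vendor tooling): a small Python check that decodes the SETATTR Attr mask values from the two captures above, reports which calls omit Mode, and shows which permission bits the resulting file gained over its source. It assumes the displayed mask is the second 32-bit bitmap word (attributes 32-63), which matches the attribute numbers shown in the captures; the function names and record layout are hypothetical.

```python
# Attribute numbers as shown in the captures: Mode (33),
# Time_Access_Set (48), Time_Modify_Set (54).
ATTR_NAMES = {33: "Mode", 48: "Time_Access_Set", 54: "Time_Modify_Set"}
MODE_ATTR = 33


def decode_attr_word(word, word_index=1):
    """Return the attribute numbers set in one 32-bit bitmap word.

    Assumption: the mask shown in the dissection is word 1, so bit n
    of the value stands for attribute 32 + n.
    """
    base = 32 * word_index
    return [base + bit for bit in range(32) if word & (1 << bit)]


def describe(word, word_index=1):
    """Human-readable attribute names for a bitmap word."""
    return [ATTR_NAMES.get(n, f"attr_{n}")
            for n in decode_attr_word(word, word_index)]


def audit(calls):
    """Flag SETATTR calls whose mask omits Mode.

    For each flagged call, also report the permission bits the new file
    has that the source file did not (bits the client never asked for).
    """
    findings = []
    for c in calls:
        if MODE_ATTR in decode_attr_word(c["attr_mask"]):
            continue
        extra = c["reply_mode"] & ~c["source_mode"] & 0o777
        findings.append({"frame": c["frame"], "file": c["file"],
                         "extra_bits": extra,
                         "world_writable": bool(c["reply_mode"] & 0o002)})
    return findings


# Values copied from the two captures and ls listings on this page.
CALLS = [
    {"frame": 39, "file": "ff3", "attr_mask": 0x00410002,
     "source_mode": 0o666, "reply_mode": 0o666},
    {"frame": 88, "file": "b.txt", "attr_mask": 0x00010000,
     "source_mode": 0o644, "reply_mode": 0o777},
]

if __name__ == "__main__":
    for c in CALLS:
        print(c["frame"], c["file"], describe(c["attr_mask"]))
    for f in audit(CALLS):
        print("Mode missing in frame", f["frame"], f["file"],
              "extra bits:", oct(f["extra_bits"]))
```

For frame 88 the extra bits are 0o133: b.txt is executable by everyone and writable by group and others, although the source a.txt was 0644 and the client umask was 022.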