Copyed file inherit parent directory's Unix permission
- Views:
- 261
- Visibility:
- Public
- Votes:
- 0
- Category:
- fas-systems
- Specialty:
- nas
- Last Updated:
- 5/6/2023, 11:02:12 AM
Applies to
NFSv4
Issue
- Copyed file inherit the parent directory's Unix permission
- Volume security style: Unix
- Unix mode bits: 777
- This behavior only happens from specific NFS client
- This behavior only happens when NFSv4 is used for mounting.
- In a normal copy operation, the client carries Attr mask:Mode as well when sending SETATTR request to storage system
Client umask:
000
[root@centos-6 home]# ls -l
-rw-rw-rw-. 1 nobody nobody 0 May 1 17:29 ff1
[root@centos-6 home]#
[root@centos-6 home]# cp ff1 ff3
[root@centos-6 home]#
[root@centos-6 home]# ls -l
-rw-rw-rw-. 1 nobody nobody 0 May 1 17:29 ff1
-rw-rw-rw-. 1 nobody nobody 0 May 1 17:46 ff3
39 2023-05-01 17:46:00.956723 client_IP 727 storage_IP 2049 NFS V4 Call (Reply In 40) SETATTR FH: 0x934f8420
Opcode: PUTFH (22)
FileHandle
length: 32
[hash (CRC-32): 0x934f8420]
[Name: ff3]
[Full Name: ff3]
FileHandle: 010100000000000000000000a0050000103bc406e08f3a800000000000000000
Opcode: SETATTR (34)
StateID
[StateID Hash: 0xafa9]
StateID seqid: 0
StateID Other: 000000000000000000000000
[StateID Other hash: 0x7bd5c66f]
Attr mask: 0x00410002 (Mode, Time_Access_Set, Time_Modify_Set)
reco_attr: Mode (33)
mode: 0666, Name: Unknown, Read permission for owner, Write permission for owner, Read permission for group, Write permission for group, Read permission for others, Write permission for others
.... .... .... .... 000. .... .... .... = Name: Unknown (0)
.... .... .... .... .... 0... .... .... = Set user id on exec: No
.... .... .... .... .... .0.. .... .... = Set group id on exec: No
.... .... .... .... .... ..0. .... .... = Save swapped text even after use: No
.... .... .... .... .... ...1 .... .... = Read permission for owner: Yes
.... .... .... .... .... .... 1... .... = Write permission for owner: Yes
.... .... .... .... .... .... .0.. .... = Execute permission for owner: No
.... .... .... .... .... .... ..1. .... = Read permission for group: Yes
.... .... .... .... .... .... ...1 .... = Write permission for group: Yes
.... .... .... .... .... .... .... 0... = Execute permission for group: No
.... .... .... .... .... .... .... .1.. = Read permission for others: Yes
.... .... .... .... .... .... .... ..1. = Write permission for others: Yes
.... .... .... .... .... .... .... ...0 = Execute permission for others: No
reco_attr: Time_Access_Set (48)
set_it: SET_TO_SERVER_TIME4 (0)
reco_attr: Time_Modify_Set (54)
set_it: SET_TO_SERVER_TIME4 (0)
40 2023-05-01 17:46:00.957332 storage_IP 2049 client_IP 727 NFS V4 Reply (Call In 39) SETATTR
Opcode: GETATTR (9)
reco_attr: Mode (33)
mode: 0666, Name: Unknown, Read permission for owner, Write permission for owner, Read permission for group, Write permission for group, Read permission for others, Write permission for others
.... .... .... .... 000. .... .... .... = Name: Unknown (0)
.... .... .... .... .... 0... .... .... = Set user id on exec: No
.... .... .... .... .... .0.. .... .... = Set group id on exec: No
.... .... .... .... .... ..0. .... .... = Save swapped text even after use: No
.... .... .... .... .... ...1 .... .... = Read permission for owner: Yes
.... .... .... .... .... .... 1... .... = Write permission for owner: Yes
.... .... .... .... .... .... .0.. .... = Execute permission for owner: No
.... .... .... .... .... .... ..1. .... = Read permission for group: Yes
.... .... .... .... .... .... ...1 .... = Write permission for group: Yes
.... .... .... .... .... .... .... 0... = Execute permission for group: No
.... .... .... .... .... .... .... .1.. = Read permission for others: Yes
.... .... .... .... .... .... .... ..1. = Write permission for others: Yes
.... .... .... .... .... .... .... ...0 = Execute permission for others: No
- In this special case, the client does not carry Attr mask:Mode when sending SETATTR request to storage system. The storage system sets the permissions for this newly created file b.txt by following the Unix mode bits of 777.
Client umask:
022
[root@test home]# ls -al /mnt/home
total 4
drwxrwxrwx 2 nobody nobody 4096 Apr 29 14:05 .
drwxr-xr-x. 3 root root 17 Apr 28 14:52 ..
-rw-r--r-- 1 nobody nobody 0 Apr 29 14:05 a.txt
[root@test home]#
[root@test home]# cp a.txt b.txt
[root@test home]#
[root@test home]# ls -al /mnt/home
total 4
drwxrwxrwx 2 nobody nobody 4096 Apr 29 14:06 .
drwxr-xr-x. 3 root root 17 Apr 28 14:52 ..
-rw-r--r-- 1 nobody nobody 0 Apr 29 14:05 a.txt
-rwxrwxrwx 1 nobody nobody 0 Apr 29 14:06 b.txt
88 2023-05-02 14:53:31.199089 client_IP 851 storage_IP 2049 NFS V4 Call (Reply In 89) SETATTR FH: 0x0d291f7e
Opcode: PUTFH (22)
FileHandle
length: 32
[hash (CRC-32): 0x0d291f7e]
[Name: b.txt]
[Full Name: b.txt]
FileHandle: 0101000000000000000000008b190000cce2b40afe7230800000000000000000
Opcode: SETATTR (34)
StateID
[StateID Hash: 0xafa9]
StateID seqid: 0
StateID Other: 000000000000000000000000
[StateID Other hash: 0x7bd5c66f]
Attr mask: 0x00010000 (Time_Access_Set)
reco_attr: Time_Access_Set (48)
set_it: SET_TO_SERVER_TIME4 (0)
89 2023-05-02 14:53:31.199289 storage_IP 2049 client_IP 851 NFS V4 Reply (Call In 88) SETATTR
Opcode: GETATTR (9)
reco_attr: Mode (33)
mode: 0777, Name: Unknown, Read permission for owner, Write permission for owner, Execute permission for owner, Read permission for group, Write permission for group, Execute permission for group, Read permission for others, Write permissi
.... .... .... .... 000. .... .... .... = Name: Unknown (0)
.... .... .... .... .... 0... .... .... = Set user id on exec: No
.... .... .... .... .... .0.. .... .... = Set group id on exec: No
.... .... .... .... .... ..0. .... .... = Save swapped text even after use: No
.... .... .... .... .... ...1 .... .... = Read permission for owner: Yes
.... .... .... .... .... .... 1... .... = Write permission for owner: Yes
.... .... .... .... .... .... .1.. .... = Execute permission for owner: Yes
.... .... .... .... .... .... ..1. .... = Read permission for group: Yes
.... .... .... .... .... .... ...1 .... = Write permission for group: Yes
.... .... .... .... .... .... .... 1... = Execute permission for group: Yes
.... .... .... .... .... .... .... .1.. = Read permission for others: Yes
.... .... .... .... .... .... .... ..1. = Write permission for others: Yes
.... .... .... .... .... .... .... ...1 = Execute permission for others: Yes