-
-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission denied when creating files w/ O_EXCL over NFS #343
Comments
mergerfs just passes the flags along. there is nothing fancy going on. it's probably some root squash conflict with mergerfs running as root. Try stracing mergerfs and see precisely what fails. |
Hey, |
And while that's running perform the open through mergerfs. |
Ok, rebooting all the NFS clients seems to solve it. Might also be case for OP |
Hey, The command that @trapexit stays empty during the file creation. Also now I have a non-production environment so I can test stuff.
|
Ok, Strace command:
Here is mergerfs strace: git command strace: Can we please reoopen this? |
If Can you trace with timestamps? It's hard to see what happened when otherwise. Also it's preferable to create the simplest example of this as possible. |
Ok, found something that might be causing it. This means directly without NFS. Or mergerfs. so its a file creation thing.
So its read only! and merger fs is trying to access it using |
I saw that. I'm looking into it. mergerfs does a lot of random stuff under the covers. |
Any way I can help? Also to clarify I wrote
|
Can you get traces with a narrow example (like in the original post)? With mergerfs in single threaded mode? The mergerfs trace doesn't make sense to me. |
How do i enable single mode?
I can try and create a reproduction, ill have time to work on it tomorrow.
|
|
Are you accessing mergerfs via SMB or NFS or some other network filesystem? |
Yes, nfs, like the issue suggests. |
Right... long day. I was thinking it was the other way. The problem is that NFS (and other network filesystems) break calls up. Tracing git isn't all that helpful since it's not literally what happens on the other end. Best to run mergerfs in debug mode ( If you look at the mergerfs trace you can see the strange behavior. The open translates to an open, close, utime, stat?, then another open. It's a bit strange in that the file is being created read only but with rdwr flags. If NFS is doing similar with a typical filesystem it should fail as well. If this is a problem with NFS -> FUSE I'm not sure I can fix this easily. |
Wrong permissions? git is doing 0444 and RDWR.
In mergerfs we see:
You can see how it's similar but it's not the same due to the 0444 (read only) flags set initially. If it was 0666 I suspect it'd work. |
Ok, I have a test I made, I am not saying its a workaround, you'd be crazy to use something like this in production, but its to confirm what you are saying in #343 (comment) . If I checkout the git code for What is strange is that I still got on the mergerfs side:
For reference code 13 is 'permission denied'. Also its saying its using Here is mergerfs strace for this scenario (it will not upload): git command strace for this scenario: Moving to try your single mode idea. |
Single thread mode reproduction Here is mergerfs: |
The return value of 13 is not a errno. It's the file descriptor. If it were an error it'd return -1 and |
I'm not sure how this works normally except that NFS -> FUSE has a non-standard behavior. I'll need to do more research and ask the fuse community. Ultimately, O_CREAT|O_EXCL is generally not recommended on NFS. Not for this reason but still a problem. I'm not sure there's a good way for mergerfs to address this. It's doing whats asked of it and NFS is giving it commands that rightfully error. Can you give me the output of mergerfs when using debug mode |
Ok, As requested in #343 (comment) here is a narrow reproduction code. #include <fcntl.h>
#include <errno.h>
#include <stdio.h>
main() {
int fd=open("tesfile",O_RDWR|O_CREAT|O_EXCL, 0444);
printf("errno=%d\n",errno);
close(fd);
} Running it on disk without mergerfs I get: Strace for running it over nfs to mergerfs where we get permission denied: For comparison, here is the successful execution of mergerfs side:
|
I found a reference of this from several years back. Looks like NFS is issuing a mknod which is then opened. Outside rewriting the mode, which could be narrowed to mknod when regular file and mode is 0444 but that's not ideal, I'm not sure how to address this. I'll ping the libfuse mailinglist. |
Yeah, it's clearly some nfs -> fuse issue. NFS must be acting differently between a typical FS and FUSE because that set of requests would fail normally. |
Can you strace mergerfs with nfs but without O_EXCL? |
Sure #include <fcntl.h>
#include <errno.h>
#include <stdio.h>
main() {
int fd=open("tesfile",O_RDWR|O_CREAT, 0444);
printf("errno=%d\n",errno);
close(fd);
} Still getting permission denied 13: mergerfs side: test without execl side: I get Will note that a second run will give |
Thanks. Looks like EXCL isn't part of the problem. It's the 0444 and separation of the command. |
Indeed, also just for a test I ran this code where I kept #include <fcntl.h>
#include <errno.h>
#include <stdio.h>
main() {
int fd=open("tesfile",O_RDWR|O_CREAT|O_EXCL, 0666);
printf("errno=%d\n",errno);
close(fd);
} It gives |
Hey, so I tried switching to unionfs-fuse, and it works there - does it help sharing stack traces from there? |
Sure. Looking at it's code it seems it might work because it's not doing the proper thing with permissions. |
|
What is it not doing? |
https://github.com/rpodgorny/unionfs-fuse/blob/master/src/fuse_ops.c#L328 edit: It sets the mode differently rather than straight up. It adds to the mode |
So is that a workaround they do? I don't understand what all those flags do. |
Actually I'm wrong. I misread. It's limiting the flags which shouldn't impact it. Can you strace unionfs? It'll be easier to track down. |
Yes, but tomorrow because its late now |
Hey, The command I ran was
Then I executed the unionfs strace:
Will note a file is created, and it indeed is read-only. |
Is unionfs running as root? I'm not seeing any setuid/setgid in the trace. If so then its cheating. Might want to test with a regular user. This was a problem with mhddfs. It ran as root and didn't properly change credentials meaning it had access to things it shouldn't and hid problems with user's permissions. When they moved to mergerfs they appeared because mergerfs properly sets uid and gid before performing actions. Opening a 0444 file O_RDWR as a regular user will fail with EACCES but root is allowed. |
I am
* running both mergerfs and unionfs-fuse as root
* NFS server is obviously root
* NFS client is mounted as root
* test.c is running as www-data (uid 33) and writing is done as uid 33. The
written file gets the right ownership as 33 in both cases.
Any suggestions? Perhaps we need a 'root mode'?
|
Try unionfs-fuse as non-root. Yes, mergerfs is being run as root but it doesn't stay root when performing these behaviors. I'll look at the unionfs-fuse code but I suspect it works because its breaking the rules. It's the only way it could be opening a read only file in RW mode. A 'root' mode could be dangerous and lead to odd behaviors. I suppose it could be made to attempt all opens as root but that'd be a pretty invasive and ugly change and breaks entitlements. |
Might want to try default_permissions with unionfs |
unionfs-fuse also works with Command:
strace: strace_default_ermissions.strace.txt |
Usually Regardless I was correct. unionfs-fuse is running as root and does not do proper switching of credentials. The request shouldn't work. mergerfs is technically behaving correctly. I'll need to think more about how this could be addressed without breaking other things or breaking security. |
Anything I can do beyond this point? Technically NFS is managing my credentials, so what unionfs-fuse seems like the only workaround. |
As I mentioned I need to think about it more. Need to consider if there are straightforward ways to distinguish when it's okay to open as root or not. There things are breaking standards. They shouldn't be working. |
This was two years ago. But if I remember its relevant to any time you create a file that is read only and then write to it.
tl;dr - no anyhhing that creates read only files with the permission I think mentioned up here Reproduction code: #343 (comment) |
I know it effects anything performing that behavior. I'm asking if the concern of the behavior was solely related to git or also other apps. If the work around should be generic or specific. Given the issue is really with the app assuming POSIX when not using a POSIX setup and the hack is ugly and can only change the chmod's mode value... I prefer a narrow as possible hack. |
I am not really using the software anymore. So I am not sure what to answer about that - do as you see fit in your project, you can list it as a known limitation when using mergefs over nfs. |
Just closing the loop on a question on the Git-users and Git devs mailing list: The Git use of the particular Posix file permissions is deliberate. The dev discussion is at https://lore.kernel.org/git/CAPx1GvfKxu8gwbp0Gn2dBf9th874skKjD-echeAFr7_77o8FYw@mail.gmail.com/T/#mead6be6c92f0ab29cf9fd600781dea7315e87411. The git-user thread is at https://groups.google.com/d/msgid/git-users/54b2a1de-73e8-4722-8a1d-ccec027ae625o%40googlegroups.com |
Historically O_EXCL was not supported on NFS and wasn't supposed to be used as still mentioned in the open manpage. While the problem with FUSE & NFS is not the same it is still a kernel level implementation detail and effects any FUSE filesystem (and perhaps others). That said: Yeah. I can add it. The reason I've not is that such a situation (not using O_CREAT|O_EXCL with NFS) is a generally accepted reality for those looking to write compatible software. |
Thanks for that. And yeah... that's what I expected them to say. |
I had a talk.with git devs at the time. I was considering a PR to git, there was something they would accept, but don't remember it. |
I'm getting a permission error on creating files with the
O_EXCL
flag on NFS mounts.It works fine if I...
O_EXCL
. It had worked with flexraid storage pool fine so fairly sure it's not NFS)I believe the above suggest that there is something in mergerfs that is causing this issue.
A simple example is when using vim as it tries to create the temporary swap files with the
O_EXCL
flag, and vim will complain that the swap file cannot be opened.Ubuntu 16.04
NFSv4
mergerfs 2.17
NFS Server
Hostname:
fileserver
/etc/fstab
/etc/exports
ps aux
- Shows mergerfs is running under rootdpkg -s mergerfs
NFS Client
/etc/fstab
Output of
mount
fileserver:/mnt/dump on /mnt/dump type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.X.X.2,local_lock=none,addr=10.X.X.1,_netdev)
Snippet of strace
Steps to repro
Assuming that the NFS mounts is setup correctly with the /etc/exports labeled as broken
cd /mnt/dump
vim myfile
Note error message that pops up concerning error opening the swap file
Alternative example
cd /mnt/dump
Create a python file named
test.py
with the following contents:Execute:
python test.py
Note the error:
Note the file mode on
myfile
is000
Before running again, delete
mydummyfile
Note that removing the
os.O_EXCL
flag works fineThe text was updated successfully, but these errors were encountered: