Advertised inode permissions don't do anything

tarun360 commented 1 year ago

Describe the issue

I ran the following command:

$ sudo gcsfuse --uid 1000 --gid 1000 -o allow_other --implicit-dirs --only-dir somedir my-bucket-name /somedir

$ ls -l /somedir/hello.txt
-rw-r--r-- 1 someuser someuser # someuser corresponds to uid 1000

$ sudo -u 2000 echo "2000" > /somedir/hello.txt # doesn't throw error

In the above case,

The command is run as root (id=0)
--allow_other flag is passed which should allow access to all users.
both uid and gid is set to 1000 which sets inode permissions (shown using ls -l above).

Should the above not restrict the access to uid 1000 only (even though --allow_other is set)? If not, then what's the point of having --uid and --gid flags if they don't actually do anything?

sethiay commented 1 year ago

@tarun360 We were not able to reproduce the issue. Could you please confirm the behavior on your side with the latest GCSFuse version (v1.2.0) ? Also, if the issue still persist, could you please share the following:

OS: [e.g. Ubuntu 20.04]
Platform [VM, Kubernetes]
debug logs (Please rerun with --debug_fuse --debug_gcs --foreground as additional flags to enable debug logs.)

tarun360 commented 1 year ago

Ok, I was using a old version, I'll try with a new version and update here. Thanks!

$ gcsfuse --version
gcsfuse version 0.42.4 (Go version go1.20.4)

tarun360 commented 1 year ago

Hi @sethiay ,

I did install v1.2.0 of gcsfuse. I followed the instructions mentioned here. On doing gcsfuse --version it gives following output

$ gcsfuse --version
gcsfuse version unknown (Go version go1.21.1)

Not sure why its showing version unknown? Although, since its showing (Go version go1.21.1) which was upgraded only in v1.2.0 (link), hence I believe the v1.2.0 was installed successfully.

After the above installation, I am still facing the exact same problem as before.

Additional information you requested:

OS information:


$ cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.8 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.8 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8" REDHAT_BUGZILLA_PRODUCT_VERSION=8.8 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="8.8"


Platform: VM

Debug logs:
On running `$ sudo -u 2000 echo "2000" > /somedir/hello.txt `, it shows only TRACE level logs, nothing unusual in them

{"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670002092941},"severity":"TRACE","msg":"fuse_debug: Op 0x00000032 connection.go:416] <- StatFS"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670002225861},"severity":"TRACE","msg":"fuse_debug: Op 0x00000032 connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670907347648},"severity":"TRACE","msg":"fuse_debug: Op 0x00000034 connection.go:416] <- LookUpInode (parent 1, name \"hello.txt\", PID 8026)"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670907512454},"severity":"TRACE","msg":"fuse_debug: Op 0x00000034 connection.go:498] -> OK (inode 2)"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670907639096},"severity":"TRACE","msg":"fuse_debug: Op 0x00000036 connection.go:416] <- OpenFile (inode 2, PID 8026)"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670907696942},"severity":"TRACE","msg":"fuse_debug: Op 0x00000036 connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670907818316},"severity":"TRACE","msg":"fuse_debug: Op 0x00000038 connection.go:416] <- SetInodeAttributes (inode 2, PID 8026, size 0, mtime 2023-10-04 08:21:10.906015886 +0000 UTC)"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670907871305},"severity":"TRACE","msg":"gcs: Req 0xa: <- UpdateObject(\"somedir/hello.txt\")"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670965600644},"severity":"TRACE","msg":"gcs: Req 0xa: -> UpdateObject(\"somedir/hello.txt\") (57.72115ms): OK"} {"time":{"timestampSeconds":1696407670,"timestampNanos":1696407670965691494},"severity":"TRACE","msg":"gcs: Req 0xb: <- Read(\"somedir/hello.txt\", )"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671107140118},"severity":"TRACE","msg":"gcs: Req 0xb: -> Read(\"somedir/hello.txt\", ) (141.430353ms): OK"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671107253955},"severity":"TRACE","msg":"fuse_debug: Op 0x00000038 connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671107447437},"severity":"TRACE","msg":"fuse_debug: Op 0x0000003a connection.go:416] <- FlushFile (inode 2, PID 8026)"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671107524693},"severity":"TRACE","msg":"gcs: Req 0xc: <- StatObject(\"somedir/hello.txt\")"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671193702799},"severity":"TRACE","msg":"gcs: Req 0xc: -> StatObject(\"somedir/hello.txt\") (86.179625ms): OK"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671193773242},"severity":"TRACE","msg":"gcs: Req 0xd: <- CreateObject(\"somedir/hello.txt\")"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671334282861},"severity":"TRACE","msg":"gcs: Req 0xd: -> CreateObject(\"somedir/hello.txt\") (140.485805ms): OK"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671334447250},"severity":"TRACE","msg":"fuse_debug: Op 0x0000003a connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671525034634},"severity":"TRACE","msg":"fuse_debug: Op 0x0000003c connection.go:416] <- GetInodeAttributes (inode 2, PID 8027)"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671525181942},"severity":"TRACE","msg":"fuse_debug: Op 0x0000003c connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671525629349},"severity":"TRACE","msg":"fuse_debug: Op 0x0000003e connection.go:416] <- WriteFile (inode 2, PID 0, handle 1, offset 0, 8 bytes)"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671525710346},"severity":"TRACE","msg":"fuse_debug: Op 0x00000040 connection.go:416] <- SetInodeAttributes (inode 2, PID 8027, mtime 2023-10-04 08:21:11.524057564 +0000 UTC)"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671525796658},"severity":"TRACE","msg":"gcs: Req 0xe: <- Read(\"somedir/hello.txt\", )"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671617347685},"severity":"TRACE","msg":"gcs: Req 0xe: -> Read(\"somedir/hello.txt\", ) (91.57812ms): OK"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671617465003},"severity":"TRACE","msg":"fuse_debug: Op 0x0000003e connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671617555443},"severity":"TRACE","msg":"fuse_debug: Op 0x00000040 connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671617841502},"severity":"TRACE","msg":"fuse_debug: Op 0x00000042 connection.go:416] <- FlushFile (inode 2, PID 8027)"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671617919712},"severity":"TRACE","msg":"gcs: Req 0xf: <- StatObject(\"somedir/hello.txt\")"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671705793285},"severity":"TRACE","msg":"gcs: Req 0xf: -> StatObject(\"somedir/hello.txt\") (87.860812ms): OK"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671705853914},"severity":"TRACE","msg":"gcs: Req 0x10: <- CreateObject(\"somedir/hello.txt\")"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671883882928},"severity":"TRACE","msg":"gcs: Req 0x10: -> CreateObject(\"somedir/hello.txt\") (178.012096ms): OK"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671884036682},"severity":"TRACE","msg":"fuse_debug: Op 0x00000042 connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671886275164},"severity":"TRACE","msg":"fuse_debug: Op 0x00000044 connection.go:416] <- FlushFile (inode 2, PID 8026)"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671886367741},"severity":"TRACE","msg":"fuse_debug: Op 0x00000044 connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671886526139},"severity":"TRACE","msg":"fuse_debug: Op 0x00000046 connection.go:416] <- ReleaseFileHandle (PID 0)"} {"time":{"timestampSeconds":1696407671,"timestampNanos":1696407671886775747},"severity":"TRACE","msg":"fuse_debug: Op 0x00000046 connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407680,"timestampNanos":1696407680002166986},"severity":"TRACE","msg":"fuse_debug: Op 0x00000048 connection.go:416] <- StatFS"} {"time":{"timestampSeconds":1696407680,"timestampNanos":1696407680002277685},"severity":"TRACE","msg":"fuse_debug: Op 0x00000048 connection.go:498] -> OK ()"} {"time":{"timestampSeconds":1696407690,"timestampNanos":1696407690001685263},"severity":"TRACE","msg":"fuse_debug: Op 0x0000004a connection.go:416] <- StatFS"} {"time":{"timestampSeconds":1696407690,"timestampNanos":1696407690001864469},"severity":"TRACE","msg":"fuse_debug: Op 0x0000004a connection.go:498] -> OK ()"}

sethiay commented 1 year ago

Hey @tarun360

I did install v1.2.0 of gcsfuse. I followed the instructions mentioned here. On doing gcsfuse --version it gives following output

I tried this and I am able to see the correct version. i.e. v1.2.0.

OS information:

Thanks, I also tried running similar experiment on the same OS and got permission denied error:

# Create new user
sudo useradd testuser
# Get user id corresponding to testuser
# e.g. uid=1001(testuser) gid=1002(testuser) groups=1002(testuser)
id testuser

# Mount
sudo gcsfuse --uid 1001 --gid 1002 -o allow_other --implicit-dirs --only-dir test $BUCKET_NAME $MNT_DIR

# create another user
sudo useradd testuser1
id testuser1

sudo -u 1002 "hey" >> $MNT_DIR/a.txt
# Got the following error
# -bash: mnt/a.txt: Permission denied

Could you please confirm if you are doing similar ?
Could you please mention your fuse version (fusermount --version) ?
Could you please share strace logs as well strace sh -c "sudo -u 1002 'hey' >> $MNT_DIR/a.txt"

bjornleffler commented 1 year ago

Are mode and owner attributes supported beyond the defaults?

SetInodeAttributes silently ignores mode. I don't see the owner being set either. https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/internal/fs/fs.go#L1297

createFile doesn't use the supplied mode. https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/internal/fs/fs.go#L1415C2-L1415C6

tarun360 commented 1 year ago

Hi @sethiay ,

I tried this and I am able to see the correct version. i.e. v1.2.0.

I ran git checkout tags/v1.2.0, and then go install .. Its still showing me gcsfuse version unknown (Go version go1.21.1). Although, since its showing (Go version go1.21.1) which was upgraded only in v1.2.0 (link), hence I believe the v1.2.0 was installed successfully.

you please confirm if you are doing similar ?

Previously I was users which were already created. I wasn't creating users using useradd command. Following the example you shared, i.e., creating users using useradd, I am unable to write to the file as any user (pretty strange, I am not sure if I am doing something stupid here)

$ sudo useradd testuser
$ id testuser
uid=7473(testuser) gid=7473(testuser) groups=7473(testuser)

$ sudo /u/gupttaru/gcsfuse --uid 7473 --gid 7473 -o allow_other --implicit-dirs --only-dir proj $BUCKET_NAME $MNT_DIR

$ ls -ld /proj/test.txt 
-rw-r--r-- 1 testuser testuser 4 Oct  9 10:09 $MNT_DIR/test.txt

$ sudo -u testuser echo "hey" > $MNT_DIR/test.txt
bash: /proj/test.txt: Permission denied

$ sudo useradd testuser1
$ id testuser1
uid=7474(testuser1) gid=7474(testuser1) groups=7474(testuser1)
$ sudo -u testuser1 "hey" > $MNT_DIR/test.txt 
bash: /proj/test.txt: Permission denied

Could you please mention your fuse version (fusermount --version) ?

$ fusermount --version
fusermount version: 2.9.7

Could you please share strace logs as well strace sh -c "sudo -u 1002 'hey' >> $MNT_DIR/a.txt"

For the initial case, i.e. where I wasn't creating users using useradd command, this is the output:

execve("/usr/local/bin/sh", ["sh", "-c", "sudo -u luciani echo 'hey' > /pr"...], 0x7fffa433be80 /* 54 vars */) = 0
brk(NULL)                               = 0x55609b022000
arch_prctl(0x3001 /* ARCH_??? */, 0x7fff41abe7d0) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=92131, ...}) = 0
mmap(NULL, 92131, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9ec000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libtinfo.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\351\0\0\0\0\0\0"..., 832) = 832
lseek(3, 165752, SEEK_SET)              = 165752
read(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32) = 32
fstat(3, {st_mode=S_IFREG|0755, st_size=187496, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f533e9ea000
lseek(3, 165752, SEEK_SET)              = 165752
read(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32) = 32
mmap(NULL, 2279808, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f533e5a8000
mprotect(0x7f533e5d1000, 2093056, PROT_NONE) = 0
mmap(0x7f533e7d0000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x7f533e7d0000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=19128, ...}) = 0
mmap(NULL, 2109600, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f533e3a4000
mprotect(0x7f533e3a7000, 2093056, PROT_NONE) = 0
mmap(0x7f533e5a6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f533e5a6000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\256\3\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2089984, ...}) = 0
lseek(3, 808, SEEK_SET)                 = 808
read(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32) = 32
mmap(NULL, 3950816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f533dfdf000
mprotect(0x7f533e19a000, 2097152, PROT_NONE) = 0
mmap(0x7f533e39a000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bb000) = 0x7f533e39a000
mmap(0x7f533e3a0000, 14560, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f533e3a0000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f533e9e7000
arch_prctl(ARCH_SET_FS, 0x7f533e9e7740) = 0
mprotect(0x7f533e39a000, 16384, PROT_READ) = 0
mprotect(0x7f533e5a6000, 4096, PROT_READ) = 0
mprotect(0x7f533e7d0000, 16384, PROT_READ) = 0
mprotect(0x556099be9000, 16384, PROT_READ) = 0
mprotect(0x7f533ea03000, 4096, PROT_READ) = 0
munmap(0x7f533e9ec000, 92131)           = 0
openat(AT_FDCWD, "/dev/tty", O_RDWR|O_NONBLOCK) = 3
close(3)                                = 0
getrandom("\x6c\xf1\x7a\x00\x7b\x4e\x97\xe9", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55609b022000
brk(0x55609b043000)                     = 0x55609b043000
brk(NULL)                               = 0x55609b043000
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2997, ...}) = 0
read(3, "# Locale name alias data base.\n#"..., 4096) = 2997
read(3, "", 4096)                       = 0
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=368, ...}) = 0
mmap(NULL, 368, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533ea02000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=26998, ...}) = 0
mmap(NULL, 26998, PROT_READ, MAP_SHARED, 3, 0) = 0x7f533e9fb000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=23, ...}) = 0
mmap(NULL, 23, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9fa000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=59, ...}) = 0
mmap(NULL, 59, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9f9000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=167, ...}) = 0
mmap(NULL, 167, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9f8000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_NAME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_NAME", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=77, ...}) = 0
mmap(NULL, 77, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9f7000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_PAPER", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_PAPER", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=34, ...}) = 0
mmap(NULL, 34, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9f6000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFDIR|0755, st_size=29, ...}) = 0
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=57, ...}) = 0
mmap(NULL, 57, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9f5000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=286, ...}) = 0
mmap(NULL, 286, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9f4000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_TIME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_TIME", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3316, ...}) = 0
mmap(NULL, 3316, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9f3000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=54, ...}) = 0
mmap(NULL, 54, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e9f2000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=337024, ...}) = 0
mmap(NULL, 337024, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533e994000
close(3)                                = 0
getuid()                                = 21363
getgid()                                = 21363
geteuid()                               = 21363
getegid()                               = 21363
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
ioctl(-1, TIOCGPGRP, 0x7fff41abe6b4)    = -1 EBADF (Bad file descriptor)
sysinfo({uptime=1444, loads=[0, 4224, 27296], totalram=6218563584, freeram=143945728, sharedram=8912896, bufferram=2011136, totalswap=0, freeswap=0, procs=281, totalhigh=0, freehigh=0, mem_unit=1}) = 0
rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f533e02db50}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, 8) = 0
rt_sigaction(SIGTSTP, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTSTP, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, 8) = 0
rt_sigaction(SIGTTIN, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTTIN, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, 8) = 0
rt_sigaction(SIGTTOU, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTTOU, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigaction(SIGQUIT, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, 8) = 0
uname({sysname="Linux", nodename="maestro-gcp-sf79", ...}) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
stat("/u/gupttaru", {st_mode=S_IFDIR|0700, st_size=151, ...}) = 0
stat(".", {st_mode=S_IFDIR|0700, st_size=151, ...}) = 0
stat("/u", {st_mode=S_IFDIR|0755, st_size=66, ...}) = 0
stat("/u/gupttaru", {st_mode=S_IFDIR|0700, st_size=151, ...}) = 0
getpid()                                = 6538
getppid()                               = 6535
stat(".", {st_mode=S_IFDIR|0700, st_size=151, ...}) = 0
stat("/u/gupttaru/.local/bin/sh", 0x7fff41abe330) = -1 ENOENT (No such file or directory)
stat("/u/gupttaru/bin/sh", 0x7fff41abe330) = -1 ENOENT (No such file or directory)
stat("/usr/share/Modules/bin/sh", 0x7fff41abe330) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/sh", {st_mode=S_IFREG|0755, st_size=1150560, ...}) = 0
stat("/usr/local/bin/sh", {st_mode=S_IFREG|0755, st_size=1150560, ...}) = 0
geteuid()                               = 21363
getegid()                               = 21363
getuid()                                = 21363
getgid()                                = 21363
access("/usr/local/bin/sh", X_OK)       = 0
stat("/usr/local/bin/sh", {st_mode=S_IFREG|0755, st_size=1150560, ...}) = 0
geteuid()                               = 21363
getegid()                               = 21363
getuid()                                = 21363
getgid()                                = 21363
access("/usr/local/bin/sh", R_OK)       = 0
stat("/usr/local/bin/sh", {st_mode=S_IFREG|0755, st_size=1150560, ...}) = 0
stat("/usr/local/bin/sh", {st_mode=S_IFREG|0755, st_size=1150560, ...}) = 0
geteuid()                               = 21363
getegid()                               = 21363
getuid()                                = 21363
getgid()                                = 21363
access("/usr/local/bin/sh", X_OK)       = 0
stat("/usr/local/bin/sh", {st_mode=S_IFREG|0755, st_size=1150560, ...}) = 0
geteuid()                               = 21363
getegid()                               = 21363
getuid()                                = 21363
getgid()                                = 21363
access("/usr/local/bin/sh", R_OK)       = 0
getpid()                                = 6538
getpgrp()                               = 6535
ioctl(2, TIOCGPGRP, [6535])             = 0
rt_sigaction(SIGCHLD, {sa_handler=0x55609993b250, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f533e02db50}, 8) = 0
prlimit64(0, RLIMIT_NPROC, NULL, {rlim_cur=23559, rlim_max=23559}) = 0
brk(NULL)                               = 0x55609b043000
brk(0x55609b064000)                     = 0x55609b064000
openat(AT_FDCWD, "/usr/lib/locale/en_US.UTF-8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/en_US.utf8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2586930, ...}) = 0
mmap(NULL, 2586930, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f533dd67000
close(3)                                = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
stat(".", {st_mode=S_IFDIR|0700, st_size=151, ...}) = 0
stat("/u/gupttaru/.local/bin/sudo", 0x7fff41abe210) = -1 ENOENT (No such file or directory)
stat("/u/gupttaru/bin/sudo", 0x7fff41abe210) = -1 ENOENT (No such file or directory)
stat("/usr/share/Modules/bin/sudo", 0x7fff41abe210) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/sudo", 0x7fff41abe210) = -1 ENOENT (No such file or directory)
stat("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0111, st_size=165592, ...}) = 0
stat("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0111, st_size=165592, ...}) = 0
geteuid()                               = 21363
getegid()                               = 21363
getuid()                                = 21363
getgid()                                = 21363
access("/usr/bin/sudo", X_OK)           = 0
stat("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0111, st_size=165592, ...}) = 0
geteuid()                               = 21363
getegid()                               = 21363
getuid()                                = 21363
getgid()                                = 21363
access("/usr/bin/sudo", R_OK)           = -1 EACCES (Permission denied)
stat("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0111, st_size=165592, ...}) = 0
stat("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0111, st_size=165592, ...}) = 0
geteuid()                               = 21363
getegid()                               = 21363
getuid()                                = 21363
getgid()                                = 21363
access("/usr/bin/sudo", X_OK)           = 0
stat("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0111, st_size=165592, ...}) = 0
geteuid()                               = 21363
getegid()                               = 21363
getuid()                                = 21363
getgid()                                = 21363
access("/usr/bin/sudo", R_OK)           = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f533e9e7a10) = 6539
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {sa_handler=0x556099937c60, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, 8) = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 6539
rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, {sa_handler=0x556099937c60, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f533e02db50}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6539, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
wait4(-1, 0x7fff41abdd90, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn({mask=[]})                 = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
exit_group(0)                           = ?
+++ exited with 0 +++

sethiay commented 1 year ago

Are mode and owner attributes supported beyond the defaults?

@bjornleffler , Yes, however they can only be set at the time of mounting (running chmod/chown after mounting will be ignored as you mentioned in https://github.com/GoogleCloudPlatform/gcsfuse/issues/1414#issuecomment-1752523849). Ref: https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/docs/semantics.md#permissions-and-ownership

sethiay commented 1 year ago

@tarun360 I think the problem is when sudo -u testuser echo "hey" >> a.txt is executed, then it just execute echo "hey" part from user testuser, and the other part of command writing to the file i.e. >> a.txt is executed from the current user running the whole command. Given above, can you please try and confirm if running sudo -u <different user than passed to --uid & --gid flags> sh -c "echo 'hey' >> $MNT_DIR/a.txt" works as expected i.e. throw permission denied error ?

tarun360 commented 1 year ago

@tarun360 I think the problem is when sudo -u testuser echo "hey" >> a.txt is executed, then it just execute echo "hey" part from user testuser, and the other part of command writing to the file i.e. >> a.txt is executed from the current user running the whole command.

Yes, LOL! Thanks for catching that!!!

It works as expected. Sorry for the false alarm :')

GoogleCloudPlatform / gcsfuse

Advertised inode permissions don't do anything #1414