From: Jean-Pierre A. <jea...@wa...> - 2009-08-28 09:01:01
|
Hi [I had a problem at first try, sorry if this is sent twice] Jean-Pierre André wrote: > Hi Miklos, > > Miklos Szeredi wrote: > >> On Wed, 19 Aug 2009, Jean-Pierre André wrote: >> >> >>> Just note that, currently, fuse has no option to check >>> the Posix ACLs (though a patch was recently posted >>> here to that aim), and you have to check them in the >>> file system.... which generally implies to check access >>> to the parent directory, and which you cannot do with >>> the low level API because you have no information >>> about which parent directory was used to access the file >>> (when a file is linked into several parent directories). >>> >>> >> Oh, you *can* do that with the low level api, just need to check >> permissions in the .lookup() method. >> >> > > There still is something I cannot get right with fuse > cacheing enabled. Consider the following, where > mkdir and chmod both return the current stat with > a timeout of one second : > > chmod 755 trydir > rm -rf trydir > mkdir trydir > echo file > trydir/file > ls -li trydir/file > chmod 000 trydir > chmod 444 trydir/file > ls -li trydir/file > The above is sometimes bad formatted for unknown reason, trying again : chmod 755 trydir rm -rf trydir mkdir trydir echo file > trydir/file ls -li trydir/file chmod 000 trydir chmod 444 trydir/file ls -li trydir/file > I get the following result : > > 293 -rw-rw-r-- 1 linux linux 5 2009-08-25 17:50 trydir/file > 293 -r--r--r-- 1 linux linux 5 2009-08-25 17:50 trydir/file > > Which shows the last chmod has been accepted > though just after one denying access. > > Analyzing fuse calls, I see that no lookup is issued > between the two chmod, and I tend to believe the > state returned by the chmod on the dir is not used > to decide over the access for the second chmod, the > state resulting from mkdir being used instead until > its timeout elapses. I can now confirm the diagnosis : when checking whether is directory is searchable (in lookup) with cacheing enabled, fuse only checks the directory entry timeout, without checking whether a chmod/chown/setfacl has changed the permissions on the directory in the meantime. As I do not know of any way to cancel the directory cache in chmod/chown/setfacl, I had to get fuse to check the attributes time out to decide whether a new lookup has to be done. Appended is the patch for that, which relies on chmod/chown/setfacl to return with a null timeout (at least when they impact a directory), to force a new lookup the next time the directory is accessed. Actually for setfacl, the file system cannot return the updated stat, so something more has to be done within fuse, and probably also in the kernel module. With the patch I get the expected result : 78 -rw-rw-r-- 1 linux linux 5 2009-08-28 09:47 trydir/file chmod: cannot access `trydir/file': Permission denied ls: cannot access trydir/file: Permission denied The patch is a "quick and dirty" one, and I would really appreciate comments. Regards Jean-Pierre |