Hi!
I have found the issue - maybe related to the specific versions of gluster and fuse on CentOS 9 Stream. I have a GlusterFS cluster on 6 servers, and I mounted it locally:
fs01-int:/nasvol01 on /mnt/glusterfs type fuse.glusterfs (rw,relatime,user_id=0,group_id=0,allow_other,max_read=131072,_netdev)
Here is the mounting unit:
[root@fs01 system]# cat mnt-glusterfs.mount
[Unit]
Description=GlusterFS Local Mount
After=glusterd.service
Requires=glusterd.service
[Mount]
What=fs01-int:/nasvol01
Where=/mnt/glusterfs
Type=glusterfs
Options=_netdev,resolve-gids,acl
[Install]
WantedBy=multi-user.target
And its status:
[root@fs01 system]# systemctl status mnt-glusterfs.mount
● mnt-glusterfs.mount - GlusterFS Local Mount
Loaded: loaded (/etc/systemd/system/mnt-glusterfs.mount; enabled; vendor preset: disabled)
Active: active (mounted) since Thu 2022-11-03 11:35:47 CET; 25min ago
Until: Thu 2022-11-03 11:35:47 CET; 25min ago
Where: /mnt/glusterfs
What: fs01-int:/nasvol01
Tasks: 12 (limit: 821082)
Memory: 20.5M
CPU: 262ms
CGroup: /system.slice/mnt-glusterfs.mount
└─33157 /usr/sbin/glusterfs --acl --resolve-gids --process-name fuse --volfile-server=fs01-int --volfile-id=/nasvol01 /mnt/glusterfs
The owner of the resource:
[root@fs01 system]# gluster volume get nasvol01 all | grep owner
storage.owner-uid 974
storage.owner-gid 974
Let's examine the permissions:
[lszczepa@fs01 glusterfs]$ pwd
/mnt/glusterfs
[lszczepa@fs01 glusterfs]$ getfacl .
# file: .
# owner: gluster
# group: gluster
user::rwx
group::rwx
group:gluster:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:gluster:rwx
default:mask::rwx
default:other::r-x
So my intention is to allow writes to the resource for everyone in the 'gluster' group.
So let's try:
[lszczepa@fs01 glusterfs]$ pwd
/mnt/glusterfs
[lszczepa@fs01 glusterfs]$ id
uid=1000(lszczepa) gid=1000(lszczepa) groups=1000(lszczepa),10(wheel),974(gluster) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[lszczepa@fs01 glusterfs]$ touch test4
touch: cannot touch 'test4': Permission denied
But, let me try to change my GID to the gluster group, temporarily:
[lszczepa@fs01 glusterfs]$ newgrp gluster
[lszczepa@fs01 glusterfs]$ id
uid=1000(lszczepa) gid=974(gluster) groups=974(gluster),10(wheel),1000(lszczepa) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[lszczepa@fs01 glusterfs]$ touch test4
[lszczepa@fs01 glusterfs]$
[lszczepa@fs01 glusterfs]$ ls -la test4
-rw-rw-r--+ 1 lszczepa gluster 0 Nov 3 12:05 test4
So that works. Can anyone tell me why the FUSE/GlusterFS native client doesn't allow me to write if the group is not my GID but a supplementary group, even though the ACLs are set explicitly?
Here is how the process is running:
root 33157 0.0 0.0 810924 30896 ? SLsl 11:35 0:00 /usr/sbin/glusterfs --acl --resolve-gids --process-name fuse --volfile-server=fs01-int --volfile-id=/nasvol01 /mnt/glusterfs
And versions:
[root@fs01 glusterfs]# cat /etc/redhat-release
CentOS Stream release 9
[root@fs01 glusterfs]# rpm -qa | grep fuse
fuse-common-3.10.2-5.el9.x86_64
fuse-libs-2.9.9-15.el9.x86_64
fuse-2.9.9-15.el9.x86_64
fuse3-libs-3.10.2-5.el9.x86_64
fuse3-3.10.2-5.el9.x86_64
fuse-overlayfs-1.9-1.el9.x86_64
gvfs-fuse-1.48.1-4.el9.x86_64
glusterfs-fuse-10.3-1.el9s.x86_64
[root@fs01 glusterfs]# rpm -qa | grep gluster
centos-release-gluster10-1.0-2.el9s.noarch
libglusterfs0-10.3-1.el9s.x86_64
glusterfs-10.3-1.el9s.x86_64
glusterfs-client-xlators-10.3-1.el9s.x86_64
libglusterd0-10.3-1.el9s.x86_64
glusterfs-cli-10.3-1.el9s.x86_64
glusterfs-fuse-10.3-1.el9s.x86_64
glusterfs-selinux-2.0.1-1.el9s.noarch
glusterfs-server-10.3-1.el9s.x86_64
Please help.
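
For reference, the standard POSIX.1e ACL access check applied to the getfacl output in the post, as an added example that is not part of the original message. The name-to-ID map (gluster = 974) is taken from the post's `id` and `storage.owner-gid` output; `parse_acl` and `allowed` are hypothetical helper names, and the primary-GID-only call is a model of the observed denial, not a statement about GlusterFS internals.

```python
# Added example: POSIX.1e ACL evaluation over the access entries shown in the post.
IDS = {"gluster": 974}  # assumption: name -> id map, values taken from the post

GETFACL = """\
# file: .
# owner: gluster
# group: gluster
user::rwx
group::rwx
group:gluster:rwx
mask::rwx
other::r-x
"""

def parse_acl(text):
    """Return (owner_uid, owner_gid, entries) from getfacl access entries."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = IDS[line.split(":", 1)[1].strip()]
        elif line.startswith("# group:"):
            group = IDS[line.split(":", 1)[1].strip()]
        elif line and not line.startswith(("#", "default:")):
            tag, name, perms = line.split(":")
            entries.append((tag, IDS.get(name, name) if name else None, set(perms) - {"-"}))
    return owner, group, entries

def allowed(acl, uid, gids, want):
    """POSIX.1e check; gids holds the primary GID and all supplementary groups."""
    owner, group, entries = acl
    mask = next((p for t, n, p in entries if t == "mask"), None)
    masked = lambda p: p if mask is None else p & mask
    if uid == owner:                       # owner: user:: entry, mask not applied
        return want in next(p for t, n, p in entries if t == "user" and n is None)
    for t, n, p in entries:                # named user entry, limited by mask
        if t == "user" and n == uid:
            return want in masked(p)
    hits = [masked(p) for t, n, p in entries   # owning group and named groups
            if t == "group" and (group if n is None else n) in gids]
    if hits:
        return any(want in p for p in hits)
    return want in next(p for t, n, p in entries if t == "other")

if __name__ == "__main__":
    acl = parse_acl(GETFACL)
    print("full group list:", allowed(acl, 1000, {1000, 10, 974}, "w"))
    print("primary GID only:", allowed(acl, 1000, {1000}, "w"))
```

With the full group list the check grants write regardless of whether 974 is the primary or a supplementary group; with only GID 1000 visible it falls through to `other::r-x` and denies, which matches the `touch` failure shown.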