mirror of
https://github.com/gluster/glusterfs.git
synced 2026-02-06 18:48:16 +01:00
48b44ea52b
When a volume is accessed via a fuse client, access control will take place at two locations by default: once on client side, once on server side. The fuse client unconditionally performs access control (what can be configured about it is whether to let the kernel do it -- that's the default, or let the glusterfs client do it -- that's what happens with '--acl' option). However, server side access control can be turned off via the 'features.acl' volume option; indeed, this is a desirable optimization if it can be asserted that only fuse clients will access the volume (along with setting 'server.manage-gids off', as group data won't be used by server in this case). This commit enhances the 'many-groups-for-acl.t' test script to test this configuration. - The checks that are performed in a given configuration are extended by an access attempt that should fail with not having sufficient permissions. This is needed to demonstrate that access control is properly in effect. - A new configuration is added with 'feature.acl off; sever.manage-gids off'. Change-Id: I2e2cd804f76550a5e8fbfc84c5de7f81318de073 Updates: #1000 Signed-off-by: Csaba Henk <csaba@redhat.com>