From: wangdi <di.wang@whamcloud.com>
Date: Sun, 1 Dec 2013 10:25:27 +0000 (-0800)
Subject: LU-2738 mdt: add proc entry to enable lfs mkdir for non-admin
X-Git-Tag: 2.3.63~88
X-Git-Url: https://git.whamcloud.com/gitweb?a=commitdiff_plain;h=11b26155714118d38348eadde91ce623ec570ec6;p=fs%2Flustre-release.git

LU-2738 mdt: add proc entry to enable lfs mkdir for non-admin

Add enable_remote_dir_gid to enable lfs mkdir for non-admin user,
1. enable_remote_dir_gid = group, only users, whose gid == group
   can create remote dir.
2. enable_remote_dir_gid = -1, all users can create remote dir.

Signed-off-by: wang di <di.wang@intel.com>
Change-Id: I6605016aa89ef3e2763ca14f94a763685fc689b6
Reviewed-on: http://review.whamcloud.com/5442
Tested-by: Hudson
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: John Hammond <johnlockwoodhammond@gmail.com>
Tested-by: Maloo <whamcloud.maloo@gmail.com>
---

diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c
index 47fedcb..a27a9d3 100644
--- a/lustre/mdt/mdt_handler.c
+++ b/lustre/mdt/mdt_handler.c
@@ -4683,6 +4683,7 @@ static int mdt_init0(const struct lu_env *env, struct mdt_device *m,
 	spin_lock_init(&m->mdt_osfs_lock);
 	m->mdt_osfs_age = cfs_time_shift_64(-1000);
 	m->mdt_enable_remote_dir = 0;
+	m->mdt_enable_remote_dir_gid = 0;
 
         m->mdt_md_dev.md_lu_dev.ld_ops = &mdt_lu_ops;
         m->mdt_md_dev.md_lu_dev.ld_obd = obd;
diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h
index a0c047f..d8f869d 100644
--- a/lustre/mdt/mdt_internal.h
+++ b/lustre/mdt/mdt_internal.h
@@ -161,8 +161,10 @@ struct mdt_device {
         struct lustre_capa_key     mdt_capa_keys[2];
 	unsigned int               mdt_capa_conf:1,
 				   mdt_som_conf:1,
+				   /* Enable remote dir on non-MDT0 */
 				   mdt_enable_remote_dir:1;
 
+	gid_t			   mdt_enable_remote_dir_gid;
 	/* statfs optimization: we cache a bit  */
 	struct obd_statfs	   mdt_osfs;
 	__u64			   mdt_osfs_age;
diff --git a/lustre/mdt/mdt_lproc.c b/lustre/mdt/mdt_lproc.c
index d922f6e..e9163cc 100644
--- a/lustre/mdt/mdt_lproc.c
+++ b/lustre/mdt/mdt_lproc.c
@@ -973,6 +973,33 @@ static int lprocfs_wr_enable_remote_dir(struct file *file, const char *buffer,
 	return count;
 }
 
+static int lprocfs_rd_enable_remote_dir_gid(char *page, char **start, off_t off,
+					    int count, int *eof, void *data)
+{
+	struct obd_device *obd = data;
+	struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev);
+
+	return snprintf(page, count, "%d\n",
+			(int)mdt->mdt_enable_remote_dir_gid);
+}
+
+static int lprocfs_wr_enable_remote_dir_gid(struct file *file,
+					    const char *buffer,
+					    unsigned long count, void *data)
+{
+	struct obd_device *obd = data;
+	struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev);
+	__u32 val;
+	int rc;
+
+	rc = lprocfs_write_helper(buffer, count, &val);
+	if (rc)
+		return rc;
+
+	mdt->mdt_enable_remote_dir_gid = val;
+	return count;
+}
+
 static struct lprocfs_vars lprocfs_mdt_obd_vars[] = {
         { "uuid",                       lprocfs_rd_uuid,                 0, 0 },
         { "recovery_status",            lprocfs_obd_rd_recovery_status,  0, 0 },
@@ -1012,7 +1039,9 @@ static struct lprocfs_vars lprocfs_mdt_obd_vars[] = {
 					lprocfs_wr_job_interval, 0 },
 	{ "enable_remote_dir",		lprocfs_rd_enable_remote_dir,
 					lprocfs_wr_enable_remote_dir,	    0},
-        { 0 }
+	{ "enable_remote_dir_gid",	lprocfs_rd_enable_remote_dir_gid,
+					lprocfs_wr_enable_remote_dir_gid,   0},
+	{ 0 }
 };
 
 static struct lprocfs_vars lprocfs_mdt_module_vars[] = {
diff --git a/lustre/mdt/mdt_reint.c b/lustre/mdt/mdt_reint.c
index 6bb72b1..bed481a 100644
--- a/lustre/mdt/mdt_reint.c
+++ b/lustre/mdt/mdt_reint.c
@@ -311,10 +311,17 @@ static int mdt_md_create(struct mdt_thread_info *info)
 			struct lu_ucred *uc  = mdt_ucred(info);
 
 			if (!md_capable(uc, CFS_CAP_SYS_ADMIN)) {
-				CERROR("%s: Creating remote dir is only "
-				       "permitted for administrator: rc = %d\n",
-					mdt2obd_dev(mdt)->obd_name, -EPERM);
-				GOTO(out_put_child, rc = -EPERM);
+				if (uc->uc_gid !=
+				    mdt->mdt_enable_remote_dir_gid &&
+				    mdt->mdt_enable_remote_dir_gid != -1) {
+					CERROR("%s: Creating remote dir is only"
+					       " permitted for administrator or"
+					       " set mdt_enable_remote_dir_gid:"
+					       " rc = %d\n",
+						mdt2obd_dev(mdt)->obd_name,
+						-EPERM);
+					GOTO(out_put_child, rc = -EPERM);
+				}
 			}
 
 			ss = mdt_seq_site(mdt);
diff --git a/lustre/tests/sanity.sh b/lustre/tests/sanity.sh
index 21ba77b..6ab66ad 100644
--- a/lustre/tests/sanity.sh
+++ b/lustre/tests/sanity.sh
@@ -10757,7 +10757,20 @@ test_230b() {
 	[ $rc -ne 0 ] &&
 	   error "create remote directory failed after set enable_remote_dir"
 
-	rm -r $DIR/$tdir || error "unlink remote directory failed"
+	rm -rf $remote_dir || error "first unlink remote directory failed"
+
+	$RUNAS -G$RUNAS_GID $LFS mkdir -i $MDTIDX $DIR/$tfile &&
+							error "chown worked"
+
+	do_facet mds$MDTIDX lctl set_param \
+				mdt.*.enable_remote_dir_gid=$RUNAS_GID
+	$LFS mkdir -i $MDTIDX $remote_dir || rc=$?
+	do_facet mds$MDTIDX lctl set_param mdt.*.enable_remote_dir_gid=0
+
+	[ $rc -ne 0 ] &&
+	   error "create remote dir failed after set enable_remote_dir_gid"
+
+	rm -r $DIR/$tdir || error "second unlink remote directory failed"
 }
 run_test 230b "nested remote directory should be failed"