[PR #5943/53f72973 backport][stable-6] zfs_delegate_admin: fix: zfs allow cannot parse unknown uid/gid #6086

@patchback patchback bot commented Feb 25, 2023

This is a backport of PR #5943 as merged into main (53f7297).

When setting allow permissions for particular users or groups there will be circumstances when that user is not known to the host system.

In that case the output of zfs allow <pool/dataset> looks similar to this:

$ sudo zfs allow tank/test
---- Permissions on tank/test ---------------------------------------
Local+Descendent permissions:
user (unknown: 1002) hold
user zfsuser receive

The fix in this commit removes (unknown:+) from the output leaving only the uid/gid.

This allows the current parser to continue even if the uid/gid is not known.

This situation occurs most often when moving a zpool from one system to another that may not have the same users/groups. Simply adding permissions to a user/group and then deleting the user/group from the system will cause this situation to occur.

SUMMARY

Fixes #5941

Removing (unknown: + ) from line allows the user to remove and permissions to uids or gids even if the host system is unaware of an actual user/group by that name.

Ideally, openzfs could modify the zfs allow command to allow for machine readable output like most of the zfs commands available: e.g. -H -o name,permissions,entity.

ISSUE TYPE

  • Bugfix Pull Request

COMPONENT NAME

community.general.zfs_delegate_admin

ADDITIONAL INFORMATION

Testing

  tasks:

  - name: remove all perms
    community.general.zfs_delegate_admin:
      name: tank/test
      users: "zfsuser,1002"
      groups: 2000
      permissions: send,hold
      recursive: yes
      state: absent

  - ansible.builtin.command:
      cmd: zfs allow tank/test
    register: o1

  - debug:
      msg: "{{ o1.stdout.split('\n') }}"

  - name: add perm
    community.general.zfs_delegate_admin:
      name: tank/test
      users: "zfsuser,1002"
      groups: 2000
      permissions: send
      recursive: yes
      state: present

  - ansible.builtin.command:
      cmd: zfs allow tank/test
    register: o2

  - debug:
      msg: "{{ o2.stdout.split('\n') }}"

  - name: remove perm
    community.general.zfs_delegate_admin:
      name: tank/test
      users: "zfsuser,1002"
      groups: 2000
      permissions: send
      recursive: yes
      state: absent

  - ansible.builtin.command:
      cmd: zfs allow tank/test
    register: o3

  - debug:
      msg: "{{ o3.stdout.split('\n') }}"

$ ansible-playbook a.yml -l machine-a

PLAY [all] *************************************************************************************************

TASK [Gathering Facts] *************************************************************************************
ok: [machine-a]

TASK [remove all perms] ************************************************************************************
changed: [machine-a]

TASK [ansible.builtin.command] *****************************************************************************
changed: [machine-a]

TASK [debug] ***********************************************************************************************
ok: [machine-a] => {
    "msg": [
        ""
    ]
}

TASK [add perm] ********************************************************************************************
changed: [machine-a]

TASK [ansible.builtin.command] *****************************************************************************
changed: [machine-a]

TASK [debug] ***********************************************************************************************
ok: [machine-a] => {
    "msg": [
        "---- Permissions on tank/test ----------------------------------------",
        "Local+Descendent permissions:",
        "\tuser (unknown: 1002) send",
        "\tuser zfsuser send",
        "\tgroup (unknown: 2000) send"
    ]
}

TASK [remove perm] *****************************************************************************************
changed: [machine-a]

TASK [ansible.builtin.command] *****************************************************************************
changed: [machine-a]

TASK [debug] ***********************************************************************************************
ok: [machine-a] => {
    "msg": [
        ""
    ]
}

PLAY RECAP *************************************************************************************************
machine-a                      : ok=10   changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

When setting allow permissions for particular users or groups
there will be circumstances when that user is not known to the
host system.

In that case the output of `zfs allow <pool/dataset>`
looks similar to this:

  $ sudo zfs allow tank/test
  ---- Permissions on tank/test ---------------------------------------
  Local+Descendent permissions:
    user (unknown: 1002) hold
    user zfsuser receive

The fix in this commit removes ' (unknown: '+')' from the output
leaving only the uid/gid.

This allows the current parser to continue even if the uid/gid
is not known.

This situation occurs most often when moving a zpool from one system
to another that may not have the same users/groups. Simply adding
permissions to a user/group and then deleting the user/group
from the system will cause this situation to occur.

(cherry picked from commit 53f7297)
@ansibullbot ansibullbot added the backport, bug, module, needs_revision, new_contributor, plugins and storage labels and removed the needs_revision label Feb 25, 2023
@felixfontein felixfontein merged commit e9b8692 into stable-6 Feb 25, 2023
@felixfontein felixfontein deleted the patchback/backports/stable-6/53f729730bcc95c75354b11d6ad5f999f883fe9d/pr-5943 branch February 25, 2023 10:48
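
The normalization described in the PR, as an added example that is not the module's own code: a small parser for `zfs allow` output that rewrites `(unknown: N)` to the bare id before splitting fields, and reports which delegations belong to ids the host cannot resolve. The function names, the `normalize` switch and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample, modelled on the `zfs allow tank/test` output quoted in the PR.
SAMPLE = (
    "---- Permissions on tank/test ----------------------------------------\n"
    "Local+Descendent permissions:\n"
    "\tuser (unknown: 1002) send,hold\n"
    "\tuser zfsuser send\n"
    "\tgroup (unknown: 2000) send\n"
)

# zfs prints "(unknown: <id>)" when the uid/gid has no name on this host.
UNKNOWN_RE = re.compile(r"\(unknown:\s*(\d+)\)")
HEADER_SUFFIX = " permissions:"


def parse_zfs_allow(text, normalize=True):
    """Parse user/group/everyone lines of `zfs allow` output into dicts."""
    entries, scope = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(HEADER_SUFFIX):
            scope = line[: -len(HEADER_SUFFIX)]  # e.g. "Local+Descendent"
            continue
        unresolved = bool(UNKNOWN_RE.search(line))
        if normalize:
            # "(unknown: 1002)" -> "1002", so the entity is a single field again
            line = UNKNOWN_RE.sub(r"\1", line)
        fields = line.split()
        if scope is None or not fields or fields[0] not in ("user", "group", "everyone"):
            continue  # banner line, blank line, or a section this sketch skips
        if fields[0] == "everyone":
            kind, entity, perms = "everyone", "everyone", fields[1:]
        else:
            kind, entity, perms = fields[0], fields[1], fields[2:]
        entries.append({
            "scope": scope,
            "type": kind,
            "entity": entity,
            "permissions": sorted(p for p in ",".join(perms).split(",") if p),
            "unresolved": unresolved,
        })
    return entries


def unresolved_delegations(text):
    """(type, id) pairs for delegations whose uid/gid has no name on this host."""
    return [(e["type"], e["entity"]) for e in parse_zfs_allow(text) if e["unresolved"]]
```

Calling `parse_zfs_allow(SAMPLE, normalize=False)` shows the failure the PR addresses: the entity is read as `(unknown:` and `1002)` ends up among the permissions.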