kubernetes-sigs · andyzhangx · Dec 28, 2021 · Dec 27, 2021
diff --git a/charts/README.md b/charts/README.md
@@ -120,6 +120,7 @@ The following table lists the configurable parameters of the latest Azure Blob S
 | `node.metricsPort`                                    | metrics port of csi-blob-node                         | `29635`                                                          |
 | `node.livenessProbe.healthPort `                      | health check port for liveness probe                  | `29633` |
 | `node.logLevel`                                       | node driver log level                                 | `5`                                                            |
+| `node.mountPermissions`                               | mounted folder permissions (only applies for NFS)                 | `0777`
 | `node.enableBlobfuseProxy`                            | enable blobfuse-proxy on agent node                           | `false`                                                          |
 | `node.blobfuseProxy.installBlobfuse`                  | whether install blobfuse on agent node| `true`                                                          |
 | `node.blobfuseProxy.blobfuseVersion`                  | installed blobfuse version on agent node| `1.4.2`                                                          |

diff --git a/charts/latest/blob-csi-driver-v1.8.0.tgz b/charts/latest/blob-csi-driver-v1.8.0.tgz
diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml
@@ -124,6 +124,7 @@ spec:
             - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
             - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
             - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}"
+            - "--mount-permissions={{ .Values.node.mountPermissions }}"
           ports:
             - containerPort: {{ .Values.node.livenessProbe.healthPort }}
               name: healthz

diff --git a/charts/latest/blob-csi-driver/values.yaml b/charts/latest/blob-csi-driver/values.yaml
@@ -119,6 +119,7 @@ node:
     disableUpdateDB: true
   blobfuseCachePath: /mnt
   appendTimeStampInCacheDir: false
+  mountPermissions: 0777
   resources:
     livenessProbe:
       limits:

diff --git a/pkg/blob/blob.go b/pkg/blob/blob.go
@@ -121,6 +121,7 @@ type DriverOptions struct {
 	AllowEmptyCloudConfig      bool
 	EnableGetVolumeStats       bool
 	AppendTimeStampInCacheDir  bool
+	MountPermissions           uint64
 }
 
 // Driver implements all interfaces of CSI drivers
@@ -146,6 +147,7 @@ type Driver struct {
 	enableGetVolumeStats      bool
 	appendTimeStampInCacheDir bool
 	blobfuseProxyConnTimout   int
+	mountPermissions          uint64
 	mounter                   *mount.SafeFormatAndMount
 	volLockMap                *util.LockMap
 	// A map storing all volumes with ongoing operations so that additional operations
@@ -176,6 +178,7 @@ func NewDriver(options *DriverOptions) *Driver {
 		enableBlobMockMount:        options.EnableBlobMockMount,
 		allowEmptyCloudConfig:      options.AllowEmptyCloudConfig,
 		enableGetVolumeStats:       options.EnableGetVolumeStats,
+		mountPermissions:           options.MountPermissions,
 	}
 	d.Name = options.DriverName
 	d.Version = driverVersion

diff --git a/pkg/blob/nodeserver.go b/pkg/blob/nodeserver.go
@@ -107,7 +107,7 @@ func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu
 	klog.V(2).Infof("NodePublishVolume: volume %s mounting %s at %s with mountOptions: %v", volumeID, source, target, mountOptions)
 	if d.enableBlobMockMount {
 		klog.Warningf("NodePublishVolume: mock mount on volumeID(%s), this is only for TESTING!!!", volumeID)
-		if err := volumehelper.MakeDir(target); err != nil {
+		if err := volumehelper.MakeDir(target, os.FileMode(d.mountPermissions)); err != nil {
 			klog.Errorf("MakeDir failed on target: %s (%v)", target, err)
 			return nil, err
 		}
@@ -260,11 +260,11 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 			return nil, status.Error(codes.Internal, fmt.Sprintf("volume(%s) mount %q on %q failed with %v", volumeID, source, targetPath, err))
 		}
 
-		// set 0777 for NFSv3 root folder
-		if err := os.Chmod(targetPath, 0777); err != nil {
+		// set permisssions for NFSv3 root folder
+		if err := os.Chmod(targetPath, os.FileMode(d.mountPermissions)); err != nil {
 			return nil, status.Error(codes.Internal, fmt.Sprintf("Chmod(%s) failed with %v", targetPath, err))
 		}
-		klog.V(2).Infof("volume(%s) mount %q on %q succeeded", volumeID, source, targetPath)
+		klog.V(2).Infof("volume(%s) mount %q on %q with 0%o succeeded", volumeID, source, targetPath, d.mountPermissions)
 
 		return &csi.NodeStageVolumeResponse{}, nil
 	}
@@ -294,7 +294,7 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 	authEnv = append(authEnv, "AZURE_STORAGE_ACCOUNT="+accountName, "AZURE_STORAGE_BLOB_ENDPOINT="+serverAddress)
 	if d.enableBlobMockMount {
 		klog.Warningf("NodeStageVolume: mock mount on volumeID(%s), this is only for TESTING!!!", volumeID)
-		if err := volumehelper.MakeDir(targetPath); err != nil {
+		if err := volumehelper.MakeDir(targetPath, os.FileMode(d.mountPermissions)); err != nil {
 			klog.Errorf("MakeDir failed on target: %s (%v)", targetPath, err)
 			return nil, err
 		}
@@ -475,7 +475,7 @@ func (d *Driver) ensureMountPoint(target string) (bool, error) {
 		notMnt = true
 		return !notMnt, err
 	}
-	if err := volumehelper.MakeDir(target); err != nil {
+	if err := volumehelper.MakeDir(target, os.FileMode(d.mountPermissions)); err != nil {
 		klog.Errorf("MakeDir failed on target: %s (%v)", target, err)
 		return !notMnt, err
 	}

diff --git a/pkg/blobplugin/main.go b/pkg/blobplugin/main.go
@@ -53,6 +53,7 @@ var (
 	allowEmptyCloudConfig      = flag.Bool("allow-empty-cloud-config", true, "allow running driver without cloud config")
 	enableGetVolumeStats       = flag.Bool("enable-get-volume-stats", false, "allow GET_VOLUME_STATS on agent node")
 	appendTimeStampInCacheDir  = flag.Bool("append-timestamp-cache-dir", false, "append timestamp into cache directory on agent node")
+	mountPermissions           = flag.Uint64("mount-permissions", 0777, "mounted folder permissions")
 )
 
 func main() {
@@ -87,6 +88,7 @@ func handle() {
 		AllowEmptyCloudConfig:      *allowEmptyCloudConfig,
 		EnableGetVolumeStats:       *enableGetVolumeStats,
 		AppendTimeStampInCacheDir:  *appendTimeStampInCacheDir,
+		MountPermissions:           *mountPermissions,
 	}
 	driver := blob.NewDriver(&driverOptions)
 	if driver == nil {

diff --git a/pkg/util/util.go b/pkg/util/util.go
@@ -77,8 +77,8 @@ func GetMountOptions(options []string) string {
 	return str
 }
 
-func MakeDir(pathname string) error {
-	err := os.MkdirAll(pathname, os.FileMode(0755))
+func MakeDir(pathname string, perm os.FileMode) error {
+	err := os.MkdirAll(pathname, perm)
 	if err != nil {
 		if !os.IsExist(err) {
 			return err

diff --git a/pkg/util/util_test.go b/pkg/util/util_test.go
@@ -159,7 +159,7 @@ func TestGetMountOptions(t *testing.T) {
 func TestMakeDir(t *testing.T) {
 	//Successfully create directory
 	targetTest := "./target_test"
-	err := MakeDir(targetTest)
+	err := MakeDir(targetTest, 0777)
 	assert.NoError(t, err)
 
 	// Remove the directory created