setgid and permission

Author: m-anyac

pkg/blob/nodeserver.go

@@ -385,15 +385,9 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 		}
 
 		if volumeMountGroup != "" && fsGroupChangePolicy != FSGroupChangeNone {
-			klog.V(2).Infof("set gid of volume(%s) as %s and fsGroupChangePolicy(%s)", volumeID, volumeMountGroup, fsGroupChangePolicy)
-			// set the GID of the volume mount point to the group ID specified in the volumeMountGroup
-			// and files and directories in NFS share will inherit the group ID of its parent directory
-			gid, err := strconv.Atoi(volumeMountGroup)
-			if err != nil {
-				return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("convert %s to int failed with %v", volumeMountGroup, err))
-			}
-			if err := os.Lchown((targetPath), -1, gid); err != nil {
-				return nil, status.Error(codes.Internal, fmt.Sprintf("Failed to set GID of root directory %s to %d failed with %v", targetPath, gid, err))
+			klog.V(2).Infof("set gid of volume(%s) as %s when fsGroupChangePolicy(%s)", volumeID, volumeMountGroup, fsGroupChangePolicy)
+			if err := volumehelper.SetRootOwnership(targetPath, volumeMountGroup); err != nil {
+				return nil, status.Error(codes.Internal, fmt.Sprintf("Failed to set GID of root directory %s to %s failed with %v", targetPath, volumeMountGroup, err))
 			}
 		}
 

pkg/util/util.go

@@ -395,6 +395,38 @@ func SetVolumeOwnership(path, gid, policy string) error {
 	return volume.SetVolumeOwnership(&VolumeMounter{path: path}, path, &gidInt64, &fsGroupChangePolicy, nil)
 }
 
+// SetRootOwnership sets the ownership of the root directory, Setgid bit and permission
+func SetRootOwnership(rootDir string, fsgroup string) error {
+	gid, err := strconv.Atoi(fsgroup)
+	if err != nil {
+		return fmt.Errorf("convert %s to int failed with %v", fsgroup, err)
+	}
+
+	if err := os.Lchown(rootDir, -1, gid); err != nil {
+		return fmt.Errorf("set root ownership failed with %v", err)
+	}
+
+	fsInfo, err := os.Stat(rootDir)
+	if err != nil {
+		return fmt.Errorf("failed to get file system info for %s: %v", rootDir, err)
+	}
+
+	if fsInfo.Mode()&os.ModeSymlink != 0 {
+		return nil
+	}
+
+	unixPerms := os.FileMode(0660)
+	unixPerms |= os.ModeSetgid
+	unixPerms |= os.FileMode(0110)
+
+	err = os.Chmod(rootDir, fsInfo.Mode()|unixPerms)
+	if err != nil {
+		klog.ErrorS(err, "chmod failed", "path", rootDir)
+	}
+
+	return nil
+}
+
 // ExecFunc returns a exec function's output and error
 type ExecFunc func() (err error)