From 2347cae930ca1902024186dd2624c7f978fa9400 Mon Sep 17 00:00:00 2001
From: Anya Chang
Date: Tue, 18 Mar 2025 21:17:52 -0700
Subject: [PATCH 1/3] fix: set gid of volume mount point to avoid the issue of time exceeding
---
 pkg/blob/nodeserver.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/pkg/blob/nodeserver.go b/pkg/blob/nodeserver.go
index a5d9414b9..f86e8d1d1 100644
--- a/pkg/blob/nodeserver.go
+++ b/pkg/blob/nodeserver.go
@@ -385,9 +385,15 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 }
 if volumeMountGroup != "" && fsGroupChangePolicy != FSGroupChangeNone {
- klog.V(2).Infof("set gid of volume(%s) as %s using fsGroupChangePolicy(%s)", volumeID, volumeMountGroup, fsGroupChangePolicy)
- if err := volumehelper.SetVolumeOwnership(targetPath, volumeMountGroup, fsGroupChangePolicy); err != nil {
- return nil, status.Error(codes.Internal, fmt.Sprintf("SetVolumeOwnership with volume(%s) on %s failed with %v", volumeID, targetPath, err))
+ klog.V(2).Infof("set gid of volume(%s) as %s and fsGroupChangePolicy(%s)", volumeID, volumeMountGroup, fsGroupChangePolicy)
+ // set the GID of the volume mount point to the group ID specified in the volumeMountGroup
+ // and files and directories in NFS share will inherit the group ID of its parent directory
+ gid, err := strconv.Atoi(volumeMountGroup)
+ if err != nil {
+ return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("convert %s to int failed with %v", volumeMountGroup, err))
+ }
+ if err := os.Chown((targetPath), -1, gid); err != nil {
+ return nil, status.Error(codes.Internal, fmt.Sprintf("Failed to set GID of root directory %s to %d failed with %v", targetPath, gid, err))
 }
 }
From 93cdc967f47bafbab504d29310e8c7b1dd684cf2 Mon Sep 17 00:00:00 2001
From: Anya Chang
Date: Wed, 19 Mar 2025 19:36:22 -0700
Subject: [PATCH 2/3] fix mismatch gid on pod and volume
---
 pkg/blob/nodeserver.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
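Review bot: In the [PATCH 1/3] hunk, `strconv.Atoi(volumeMountGroup)` accepts negative values, and a gid of -1 tells `os.Chown` to leave the group unchanged, so a volumeMountGroup of "-1" passes both checks and returns success without setting anything. Reject it at the parse step, for example `if err != nil || gid < 0 {` ahead of the InvalidArgument return. The same parse is carried into SetRootOwnership in pkg/util/util.go by [PATCH 3/3]. volumeMountGroup is assigned outside this hunk, so whether an earlier check already excludes negative values is not visible here.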
diff --git a/pkg/blob/nodeserver.go b/pkg/blob/nodeserver.go
index f86e8d1d1..26b699a27 100644
--- a/pkg/blob/nodeserver.go
+++ b/pkg/blob/nodeserver.go
@@ -392,7 +392,7 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 if err != nil {
 return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("convert %s to int failed with %v", volumeMountGroup, err))
 }
- if err := os.Chown((targetPath), -1, gid); err != nil {
+ if err := os.Lchown((targetPath), -1, gid); err != nil {
 return nil, status.Error(codes.Internal, fmt.Sprintf("Failed to set GID of root directory %s to %d failed with %v", targetPath, gid, err))
 }
 }
From ff556e922a327e0645d6a831f6cf81613952820b Mon Sep 17 00:00:00 2001
From: Anya Chang
Date: Fri, 21 Mar 2025 15:13:35 -0700
Subject: [PATCH 3/3] setgid and permission
---
 pkg/blob/nodeserver.go | 12 +++---------
 pkg/util/util.go | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/pkg/blob/nodeserver.go b/pkg/blob/nodeserver.go
index 26b699a27..283d70e6c 100644
--- a/pkg/blob/nodeserver.go
+++ b/pkg/blob/nodeserver.go
@@ -385,15 +385,9 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 }
 if volumeMountGroup != "" && fsGroupChangePolicy != FSGroupChangeNone {
- klog.V(2).Infof("set gid of volume(%s) as %s and fsGroupChangePolicy(%s)", volumeID, volumeMountGroup, fsGroupChangePolicy)
- // set the GID of the volume mount point to the group ID specified in the volumeMountGroup
- // and files and directories in NFS share will inherit the group ID of its parent directory
- gid, err := strconv.Atoi(volumeMountGroup)
- if err != nil {
- return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("convert %s to int failed with %v", volumeMountGroup, err))
- }
- if err := os.Lchown((targetPath), -1, gid); err != nil {
- return nil, status.Error(codes.Internal, fmt.Sprintf("Failed to set GID of root directory %s to %d failed with %v", targetPath, gid, err))
+ klog.V(2).Infof("set gid of volume(%s) as %s when fsGroupChangePolicy(%s)", volumeID, volumeMountGroup, fsGroupChangePolicy)
+ if err := volumehelper.SetRootOwnership(targetPath, volumeMountGroup); err != nil {
+ return nil, status.Error(codes.Internal, fmt.Sprintf("Failed to set GID of root directory %s to %s failed with %v", targetPath, volumeMountGroup, err))
 }
 }
diff --git a/pkg/util/util.go b/pkg/util/util.go
index 4225a2cf8..8a9cfa881 100644
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
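Review bot: The call to `volumehelper.SetRootOwnership` in the [PATCH 3/3] nodeserver.go hunk carries no comment explaining why only the mount root is touched; the rationale added in patch 1 (children inherit the parent's group) was removed together with the inlined code. As written, fsGroupChangePolicy only gates the call, so every value other than FSGroupChangeNone takes the same path, and SetRootOwnership operates on targetPath alone, so files already present in the share presumably keep their existing group. I would add above the call `// Only the mount root gets the fsGroup and setgid bit; existing files are not re-owned, new ones inherit the group.` The error text also reads "Failed to ... failed with"; `set GID of root directory %s to %s failed with %v` says it once. NodeStageVolume begins and ends outside this hunk.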
@@ -395,6 +395,38 @@ func SetVolumeOwnership(path, gid, policy string) error {
 return volume.SetVolumeOwnership(&VolumeMounter{path: path}, path, &gidInt64, &fsGroupChangePolicy, nil)
 }
+// SetRootOwnership sets the ownership of the root directory, Setgid bit and permission
+func SetRootOwnership(rootDir string, fsgroup string) error {
+ gid, err := strconv.Atoi(fsgroup)
+ if err != nil {
+ return fmt.Errorf("convert %s to int failed with %v", fsgroup, err)
+ }
+
+ if err := os.Lchown(rootDir, -1, gid); err != nil {
+ return fmt.Errorf("set root ownership failed with %v", err)
+ }
+
+ fsInfo, err := os.Stat(rootDir)
+ if err != nil {
+ return fmt.Errorf("failed to get file system info for %s: %v", rootDir, err)
+ }
+
+ if fsInfo.Mode()&os.ModeSymlink != 0 {
+ return nil
+ }
+
+ unixPerms := os.FileMode(0660)
+ unixPerms |= os.ModeSetgid
+ unixPerms |= os.FileMode(0110)
+
+ err = os.Chmod(rootDir, fsInfo.Mode()|unixPerms)
+ if err != nil {
+ klog.ErrorS(err, "chmod failed", "path", rootDir)
+ }
+
+ return nil
+}
+
 // ExecFunc returns a exec function's output and error
 type ExecFunc func() (err error)
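Review bot: The symlink guard in SetRootOwnership can never fire: `os.Stat` follows symlinks, so the mode it returns never has os.ModeSymlink set, and the `os.Chmod` that follows also resolves links, which means a rootDir that is a symlink would have its target's mode widened to group-writable with setgid. Use `fsInfo, err := os.Lstat(rootDir)` so the check sees the link itself and the early return works as intended. Separately, a failed chmod is only logged and the function still returns nil, so NodeStageVolume reports success even when the setgid bit was not applied. If group inheritance through setgid is what this fix relies on, returning the error, e.g. `return fmt.Errorf("chmod %s: %w", rootDir, err)`, lets the caller fail the stage instead of mounting with the wrong permissions.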