VCS Mount Agent - CreateMntPt attribute - The new mount point to is always created with system default permission as specified in umask regardless of MntPtPermission, MntPtOwner and MntPtGroup
Article ID: 100007070
Updated On:
Description
Error Message
VCS INFO V-16-10031-5535 (host01) Mount:MNT_log01:online:MountPoint successfully created
VCS WARNING V-16-10031-5558 (host01) Mount:MNT_log01:online:MountPoint created with default permission masks 077. It may not be accessible to all users
Cause
The VCS engine daemon (had) inherits the umask from the process that starts it. During the system boot, VCS engine daemon will inherit the umask from the system default. When the daemon is restarted, the umask will be inherited from the shell program that starts it. The Mount agent inherits the umask from the VCS engine daemon in turn. When CreateMntPt attribute is enabled for a Mount resource, the Mount agent will create the specified mount point (MountPoint attribute, if the directory hasn't existed yet) using the umask value inherited.
Please note that the Mount agent will NOT create the mount point according to the specified permission attributes (MntPtPermission, MntPtOwner and MntPtGroup). These three attributes will only be used by the Monitor entry point to monitor the root directory of the specified filesystem if AccessPermissionChk attribute is enabled.
Please make sure that the system default umask is set appropriately and when VCS is manually restarted, the user shell process has the correct umask as well. This will ensure that the VCS engine daemon and hence the Mount agent will inherit the correct umask.
Resolution
If you want to make sure that the VCS engine daemon always have the proper umask, you can add the following command to the /opt/VRTSvcs/bin/vcsenv file.
umask
For example,
umask 022
Appropriate umask is especially important when RecursiveMnt is specified. It is because the Mount agent will run "mkdir -p
If umask is set to 027 when VCS is started, the mkdir -p called by the Mount agent will create the following intermediary directories.
# grep umask /opt/VRTSvcs/bin/vcsenv
umask 027
Mount MNT_cvol03 (
Critical = 0
MountPoint = "/cvmdg/dirA/dirB/cvol03"
BlockDevice = "/dev/vx/dsk/cvmdg/cvol03"
FSType = vxfs
FsckOpt = "-y"
CreateMntPt = 2
MntPtPermission = 0755
MntPtOwner = simple
MntPtGroup = simple
AccessPermissionChk = 1
RecursiveMnt = 1
)
# find /cvmdg -ls
46038 4 drwxr-x--- 3 root root 4096 Nov 8 16:37 /cvmdg
48840 4 drwxr-x--- 3 root root 4096 Nov 8 16:37 /cvmdg/dirA
48969 4 drwxr-x--- 3 root root 4096 Nov 8 16:37 /cvmdg/dirA/dirB
the above directories are created by Mount agent using mkdir -p with umask 027, resulting permission becomes 750.
the above directories also have the owner and group set according to the user and group of the VCS engine daemon process which is root:root and not simple:simple as specified in MntPtOwner and MntPtGroup.
root directory of filesystem cvmdg/cvol03 is owned by simple:simple which should be set by the user outside VCS. It is not set by the VCS Mount agent:
2 0 drwxr-x--- 5 simple simple 96 Nov 8 15:07 /cvmdg/dirA/dirB/cvol03 <<< Inode number 2 is root directory of the mounted filesystem
3 0 drwxr-xr-x 2 root root 96 Nov 8 14:59 /cvmdg/dirA/dirB/cvol03/lost+found
4 0 drwxrwxr-x 2 simple simple 96 Nov 8 15:07 /cvmdg/dirA/dirB/cvol03/dirA
5 0 drwxrwxr-x 2 simple simple 96 Nov 8 15:07 /cvmdg/dirA/dirB/cvol03/dirB
Please note that after the filesystem is mounted, the root directory of the filesystem (with inode number 2) overlays on top of the mount point. As a result the original mount point directory of the parent filesystem is not visible after the child filesystem is mounted.
Applies To
Infoscale Cluster System (VCS)
Issue/Introduction
Additional Information
