Fix permission denied when access dynamic provisioning volume with a …

…non root user (#93) * chmod bind mount source dir creation mode to 0777 * fix juicefs rmr * fix dir perm
juicedata · May 24, 2021 · 95c32f8 · 95c32f8
1 parent 0d7015c
commit 95c32f8
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 8 deletions.
diff --git a/pkg/driver/controller.go b/pkg/driver/controller.go
@@ -100,7 +100,7 @@ func (d *controllerService) DeleteVolume(ctx context.Context, req *csi.DeleteVol
 	}
 
 	klog.V(5).Infof("DeleteVolume: Deleting volume %q", volumeID)
-	err = jfs.DeleteVol(volumeID)
+	err = jfs.DeleteVol(volumeID, secrets)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "Could not delete volume: %q", volumeID)
 	}

diff --git a/pkg/juicefs/juicefs.go b/pkg/juicefs/juicefs.go
@@ -57,7 +57,7 @@ type jfs struct {
 type Jfs interface {
 	GetBasePath() string
 	CreateVol(volumeID, subPath string) (string, error)
-	DeleteVol(volumeID string) error
+	DeleteVol(volumeID string, secrets map[string]string) error
 }
 
 var _ Jfs = &jfs{}
@@ -77,21 +77,30 @@ func (fs *jfs) CreateVol(volumeID, subPath string) (string, error) {
 	}
 	if !exists {
 		klog.V(5).Infof("CreateVol: volume not existed")
-		err := os.MkdirAll(volPath, os.FileMode(0755))
+		err := os.MkdirAll(volPath, os.FileMode(0777))
 		if err != nil {
 			return "", status.Errorf(codes.Internal, "Could not make directory for meta %q", volPath)
 		}
 	}
+	if fi, err := os.Stat(volPath); err != nil {
+		return "", status.Errorf(codes.Internal, "Could not stat directory %s: %q", volPath, err)
+	} else if fi.Mode().Perm() != 0777 { // The perm of `volPath` may not be 0777 when the umask applied
+		err = os.Chmod(volPath, os.FileMode(0777))
+		if err != nil {
+			return "", status.Errorf(codes.Internal, "Could not chmod directory %s: %q", volPath, err)
+		}
+	}
 
 	return volPath, nil
 }
 
-func (fs *jfs) DeleteVol(volumeID string) error {
+func (fs *jfs) DeleteVol(volumeID string, secrets map[string]string) error {
 	volPath := filepath.Join(fs.MountPath, volumeID)
 	if existed, err := mount.PathExists(volPath); err != nil {
 		return status.Errorf(codes.Internal, "Could not check volume path %q exists: %v", volPath, err)
 	} else if existed {
-		stdoutStderr, err := fs.Provider.RmrDir(volPath)
+		_, isCeMount := secrets["metaurl"]
+		stdoutStderr, err := fs.Provider.RmrDir(volPath, isCeMount)
 		klog.V(5).Infof("DeleteVol: rmr output is '%s'", stdoutStderr)
 		if err != nil {
 			return status.Errorf(codes.Internal, "Could not delete volume path %q: %v", volPath, err)
@@ -174,9 +183,13 @@ func (j *juicefs) JfsUnmount(mountPath string) (err error) {
 	return
 }
 
-func (j *juicefs) RmrDir(directory string) ([]byte, error) {
+func (j *juicefs) RmrDir(directory string, isCeMount bool) ([]byte, error) {
 	klog.V(5).Infof("RmrDir: removing directory recursively: %q", directory)
-	return j.Exec.Command(cliPath, "rmr", directory).CombinedOutput()
+	cmd := cliPath
+	if isCeMount {
+		cmd = ceCliPath
+	}
+	return j.Exec.Command(cmd, "rmr", directory).CombinedOutput()
 }
 
 // AuthFs authenticates JuiceFS, enterprise edition only

diff --git a/tests/sanity/fake_juicefs_provider.go b/tests/sanity/fake_juicefs_provider.go
@@ -88,7 +88,7 @@ func (fs *fakeJfs) CreateVol(name, subPath string) (string, error) {
 	return "", status.Error(codes.AlreadyExists, "Volume already exists")
 }
 
-func (fs *fakeJfs) DeleteVol(name string) error {
+func (fs *fakeJfs) DeleteVol(name string, secrets map[string]string) error {
 	delete(fs.volumes, name)
 	return nil
 }