Skip to content

feat: support backends that don't allow file owner changes#206

Open
Tyler-2 wants to merge 1 commit intolancachenet:masterfrom
Tyler-2:functional_permissions_checker
Open

feat: support backends that don't allow file owner changes#206
Tyler-2 wants to merge 1 commit intolancachenet:masterfrom
Tyler-2:functional_permissions_checker

Conversation

@Tyler-2
Copy link
Copy Markdown

@Tyler-2 Tyler-2 commented Mar 7, 2025
edited
Loading

What it does:

  • Checks the actual read/write ability of cache files by the cache user, instead of just checking ownership.

Why does it do that:

Testing done

I've been running with this configmap in my cluster:

apiVersion: v1
kind: ConfigMap
metadata:
  name: lancache-script-permission-check
  namespace: "{{ lancache_namespace }}"
data:
  20_perms_check.sh: |
    #!/bin/bash
    if [ -d "/data/cache/cache" ]; then
      echo "Running fast permissions check - listing files that fail permission check:"
      su - ${WEBUSER} -c 'find /data/cache/cache -maxdepth 1 ! -readable -o ! -writable | grep . && exit 1 || exit 0'
      if [[ $? -eq 0 || "$FORCE_PERMS_CHECK" == "true" ]]; then
        echo "Doing full checking of permissions (This WILL take a long time on large caches)..."
        find /data \! -user ${WEBUSER} -exec chown ${WEBUSER}:${WEBUSER} '{}' +
        echo "Permissions ok"
      else
        echo "Fast permissions check successful, if you have any permissions error try running with -e FORCE_PERMS_CHECK = true"
      fi
    fi

and then these mods to the stateful set podspec to patch it in:

      volumes:
        - name: script-permission-check-configmap
          configMap:
            name: lancache-script-permission-check
            defaultMode: 0777

        volumeMounts:
          - name: script-permission-check-configmap
            mountPath: /hooks/entrypoint-pre.d/20_perms_check.sh
            subPath: 20_perms_check.sh

It works as expected and I have not suffered any ill effects on a 1.5TB cache.

@Tyler-2
feat: check functional permissions of cache instead
ad1a9ca 
This will allow for a wider variety of backend storage configurations.
@Tyler-2 Tyler-2 changed the title feat: check functional permissions of cache feat: support backends that don't allow file owner changes Mar 7, 2025
@VibroAxe
Copy link
Copy Markdown
Member

VibroAxe commented Mar 10, 2025

LGTM @Lepidopterist ?

VibroAxe
VibroAxe approved these changes Mar 10, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@VibroAxe VibroAxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Tyler-2
Copy link
Copy Markdown
Author

Tyler-2 commented Mar 21, 2025

Been running with this and still haven't discovered any problems.

@NelsonDane
Copy link
Copy Markdown

NelsonDane commented Sep 9, 2025

I've been using this patch for many months and wanted to confirm that it works well. Thank you @Tyler-2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@VibroAxe VibroAxe VibroAxe approved these changes

@Lepidopterist Lepidopterist Awaiting requested review from Lepidopterist

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Tyler-2 @VibroAxe @NelsonDane