question: mountpoint permission #112
Comments
|
PTAL @mwennrich |
|
Hi @lucming can you please explain how it was possible to switch from a csi-driver-lvm volume to a ebs volume while the directory stays the same ? By switching the csi, you got a completely new PVC which does not have any relation the the previous one. Just want to understand you issue more. |
@majst01 thanks for your reply, there are some discussions you might want to check out. kubernetes-sigs/aws-ebs-csi-driver#2211 |
|
I've observed that many storage plugins don't grant 777 permissions. If a pod used the |
|
@majst01 PTAL ~ |
hi, everyone, I'd like to pose a question
A pod (run as a non-root user) that uses storage switched from lvm to ebs, it prompted that there was no write permission. It was found that the permissions of the mount directory of the pod using the lvm plugin is 777 (code: https://github.com/metal-stack/csi-driver-lvm/blob/master/pkg/lvm/lvm.go#L214 ), so any user in the container can read and write. But the permissions of the mount directory of ebs plugin is 755 (code: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/pkg/mounter/mount_linux.go#L272 ), only the root user has write permission. Seeing that the permissions of the mount directories of other csi plugins in the community are mostly 755 or 750, why does the lvm plugin set the permissions of the mount directory to 777?
other storage plugin:
https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/pkg/mounter/mount_linux.go#L272
https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/pkg/driver/mounter.go#L40
other lvm-csi plugin:
https://github.com/wavezhang/k8s-csi-lvm/blob/master/pkg/lvm/nodeserver.go#L116
https://github.com/aleofreddi/csi-sanlock-lvm/blob/master/pkg/driverd/filesystem.go#L213
related pr: kubernetes-sigs/aws-ebs-csi-driver#2207
The text was updated successfully, but these errors were encountered: