NC | NSFS | Updating Account's UID and GID Results in AccessDenied in Put-Object #8293

Open
shirady opened this issue Aug 18, 2024 · 0 comments
shirady commented Aug 18, 2024

Environment info

  • NooBaa Version: master (5.18)
  • Platform: NC

Actual behavior

  1. After updating the account's UID and GID, S3 put objects fail with AccessDenied.

Expected behavior

  1. After updating the account's UID and GID, succeed in S3 put-object, or explicitly clarify in the docs (what will happen to the objects that were written with the previous UID and GID? What should we do before updating the UID and GID?)
    Currently what we have (link):
  • uid/gid/user - An account's access key is mapped to a file system uid/gid (or user). Before performing any file system operation, NooBaa switches to the account's UID/GID, ensuring that accounts' access to buckets and objects is enforced by the file system.

Steps to reproduce

  1. Create account with the CLI: sudo node src/cmd/manage_nsfs account add --name shira-1001 --new_buckets_path /tmp/nsfs_root1 --access_key <access-key> --secret_key <secret-key> --uid <uid> --gid <gid>
    Note: before creating the account, you need to give permission to the new_buckets_path: chmod 777 /tmp/nsfs_root2.
  2. Create a bucket owned by the account with the CLI: sudo node src/cmd/manage_nsfs bucket add --name my-bucket --path /tmp/nsfs_root1/my-bucket --owner shira-1001
  3. Start the NSFS server with: sudo node src/cmd/nsfs --debug 5
    Notes:
  • Before starting the server please increase the debug level with: sudo vi /etc/noobaa.conf.d/config.json and then {"NOOBAA_LOG_LEVEL":"nsfs"}
  • I changed config.NSFS_CHECK_BUCKET_BOUNDARIES = false; //SDSD because I'm using /tmp/ and not /private/tmp/.
  4. Create the alias for the S3 service: alias nc-user-1-s3='AWS_ACCESS_KEY_ID=<access-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:6443'.
  5. nc-user-1-s3 s3api put-object --bucket my-bucket --key hello (should succeed)
  6. Update UID and GID of the account: sudo node src/cmd/manage_nsfs account update --name shira-1001 --uid <uid> --gid <gid>
  7. nc-user-1-s3 s3api put-object --bucket my-bucket --key hello2 (currently fails) - to avoid working with the accounts cache, restart the server before this operation (Ctrl+C on sudo node src/cmd/nsfs --debug 5 and run it again).

More information - Screenshots / Logs / Other output

Logs:

Aug-18 15:22:13.787 [nsfs/23321]    [L1] core.endpoint.s3.s3_rest:: S3 REQUEST PUT /my-bucket/hello2 op put_object request_id lzzjeih9-7j92em-xmd { host: 'localhost:6443', 'accept-encoding': 'identity', 'user-agent': 'aws-cli/2.17.11 md/awscrt#0.20.11 ua/2.0 os/macos#23.4.0 md/arch#arm64 lang/python#3.11.9 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#s3api.put-object', 'content-md5': '1B2M2Y8AsgTpgAmY7PhCfg==', 'x-amz-date': '20240818T122213Z', 'x-amz-content-sha256': 'UNSIGNED-PAYLOAD', authorization: 'AWS4-HMAC-SHA256 Credential=Dwertyuiopasdfg11001/20240818/us-east-1/s3/aws4_request, SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date, Signature=53284ffb656e5cdbaf0b1dbb55d9a134aa783bff92f8cb7bdaca95980d978e9e', 'content-length': '0' }
Aug-18 15:22:13.788 [nsfs/23321]    [L0] core.endpoint.s3.ops.s3_put_object:: PUT OBJECT my-bucket hello2
2024-08-18 15:22:13.788674 [PID-23321/TID-259] [L1] FS::FSWorker::Begin: Stat _path=/tmp/nsfs_root1/my-bucket
2024-08-18 15:22:13.788700 [PID-23321/TID-9987] [L1] FS::FSWorker::Execute: Stat _path=/tmp/nsfs_root1/my-bucket _uid=2001 _gid=2001 _backend=
2024-08-18 15:22:13.788721 [PID-23321/TID-9987] [L1] FS::FSWorker::Execute: Stat _path=/tmp/nsfs_root1/my-bucket _uid=2001 _gid=2001 geteuid()=2001 getegid()=2001 getuid()=2001 getgid()=2001
2024-08-18 15:22:13.788779 [PID-23321/TID-9987] [L1] FS::FSWorker::Execute: Stat _path=/tmp/nsfs_root1/my-bucket  took: 0.046042 ms
2024-08-18 15:22:13.788800 [PID-23321/TID-259] [L1] FS::Stat::OnOK: _path=/tmp/nsfs_root1/my-bucket _stat_res.st_ino=143630476 _stat_res.st_size=320
2024-08-18 15:22:13.789651 [PID-23321/TID-259] [L1] FS::FSWorker::Begin: Mkdir _path=/ _mode=504
2024-08-18 15:22:13.789677 [PID-23321/TID-10243] [L1] FS::FSWorker::Execute: Mkdir _path=/ _mode=504 _uid=2001 _gid=2001 _backend=
2024-08-18 15:22:13.789690 [PID-23321/TID-10243] [L1] FS::FSWorker::Execute: Mkdir _path=/ _mode=504 _uid=2001 _gid=2001 geteuid()=2001 getegid()=2001 getuid()=2001 getgid()=2001
2024-08-18 15:22:13.789704 [PID-23321/TID-10243] [L1] FS::FSWorker::Execute: Mkdir _path=/ _mode=504  took: 0.0045 ms
2024-08-18 15:22:13.789727 [PID-23321/TID-259] [L1] FS::FSWorker::OnError: Mkdir _path=/ _mode=504  error.Message()=File exists
2024-08-18 15:22:13.790115 [PID-23321/TID-259] [L1] FS::FSWorker::Begin: Mkdir _path=/tmp _mode=504
2024-08-18 15:22:13.790132 [PID-23321/TID-10499] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp _mode=504 _uid=2001 _gid=2001 _backend=
2024-08-18 15:22:13.790145 [PID-23321/TID-10499] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp _mode=504 _uid=2001 _gid=2001 geteuid()=2001 getegid()=2001 getuid()=2001 getgid()=2001
2024-08-18 15:22:13.790157 [PID-23321/TID-10499] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp _mode=504  took: 0.002584 ms
2024-08-18 15:22:13.790174 [PID-23321/TID-259] [L1] FS::FSWorker::OnError: Mkdir _path=/tmp _mode=504  error.Message()=File exists
2024-08-18 15:22:13.790246 [PID-23321/TID-259] [L1] FS::FSWorker::Begin: Mkdir _path=/tmp/nsfs_root1 _mode=504
2024-08-18 15:22:13.790258 [PID-23321/TID-8195] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1 _mode=504 _uid=2001 _gid=2001 _backend=
2024-08-18 15:22:13.790269 [PID-23321/TID-8195] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1 _mode=504 _uid=2001 _gid=2001 geteuid()=2001 getegid()=2001 getuid()=2001 getgid()=2001
2024-08-18 15:22:13.790287 [PID-23321/TID-8195] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1 _mode=504  took: 0.005917 ms
2024-08-18 15:22:13.790300 [PID-23321/TID-259] [L1] FS::FSWorker::OnError: Mkdir _path=/tmp/nsfs_root1 _mode=504  error.Message()=File exists
2024-08-18 15:22:13.790521 [PID-23321/TID-259] [L1] FS::FSWorker::Begin: Mkdir _path=/tmp/nsfs_root1/my-bucket _mode=504
2024-08-18 15:22:13.790536 [PID-23321/TID-9987] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket _mode=504 _uid=2001 _gid=2001 _backend=
2024-08-18 15:22:13.790546 [PID-23321/TID-9987] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket _mode=504 _uid=2001 _gid=2001 geteuid()=2001 getegid()=2001 getuid()=2001 getgid()=2001
2024-08-18 15:22:13.790560 [PID-23321/TID-9987] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket _mode=504  took: 0.003959 ms
2024-08-18 15:22:13.790574 [PID-23321/TID-259] [L1] FS::FSWorker::OnError: Mkdir _path=/tmp/nsfs_root1/my-bucket _mode=504  error.Message()=File exists
2024-08-18 15:22:13.790873 [PID-23321/TID-259] [L1] FS::FSWorker::Begin: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df _mode=504
2024-08-18 15:22:13.790886 [PID-23321/TID-10243] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df _mode=504 _uid=2001 _gid=2001 _backend=
2024-08-18 15:22:13.790894 [PID-23321/TID-10243] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df _mode=504 _uid=2001 _gid=2001 geteuid()=2001 getegid()=2001 getuid()=2001 getgid()=2001
2024-08-18 15:22:13.790908 [PID-23321/TID-10243] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df _mode=504  took: 0.004666 ms
2024-08-18 15:22:13.790922 [PID-23321/TID-259] [L1] FS::FSWorker::OnError: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df _mode=504  error.Message()=File exists
2024-08-18 15:22:13.790976 [PID-23321/TID-259] [L1] FS::FSWorker::Begin: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df/uploads _mode=504
2024-08-18 15:22:13.790987 [PID-23321/TID-10499] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df/uploads _mode=504 _uid=2001 _gid=2001 _backend=
2024-08-18 15:22:13.790995 [PID-23321/TID-10499] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df/uploads _mode=504 _uid=2001 _gid=2001 geteuid()=2001 getegid()=2001 getuid()=2001 getgid()=2001
2024-08-18 15:22:13.791008 [PID-23321/TID-10499] [L1] FS::FSWorker::Execute: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df/uploads _mode=504  took: 0.003208 ms
2024-08-18 15:22:13.791021 [PID-23321/TID-259] [L1] FS::FSWorker::OnError: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df/uploads _mode=504  error.Message()=Permission denied
Aug-18 15:22:13.792 [nsfs/23321]  [WARN] core.sdk.namespace_fs:: NamespaceFS: upload_object buffer pool cleanup error [Error: Permission denied] { code: 'EACCES', context: 'Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df/uploads _mode=504 ' }
Aug-18 15:22:13.792 [nsfs/23321] [ERROR] core.endpoint.s3.s3_rest:: S3 ERROR <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><Resource>/my-bucket/hello2</Resource><RequestId>lzzjeih9-7j92em-xmd</RequestId></Error> PUT /my-bucket/hello2 {"host":"localhost:6443","accept-encoding":"identity","user-agent":"aws-cli/2.17.11 md/awscrt#0.20.11 ua/2.0 os/macos#23.4.0 md/arch#arm64 lang/python#3.11.9 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#s3api.put-object","content-md5":"1B2M2Y8AsgTpgAmY7PhCfg==","x-amz-date":"20240818T122213Z","x-amz-content-sha256":"UNSIGNED-PAYLOAD","authorization":"AWS4-HMAC-SHA256 Credential=Dwertyuiopasdfg11001/20240818/us-east-1/s3/aws4_request, SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date, Signature=53284ffb656e5cdbaf0b1dbb55d9a134aa783bff92f8cb7bdaca95980d978e9e","content-length":"0"} Error: Permission denied - context: Mkdir _path=/tmp/nsfs_root1/my-bucket/.noobaa-nsfs_66c1e564cc8b2be4b69383df/uploads _mode=504
@shirady shirady added NS-FS Non Containerized Non containerized labels Aug 18, 2024
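Added example (not part of the issue and not NooBaa code): the log's `_mode=504` is decimal for octal `0770`, so a directory created with that mode gives "other" users no access, which is consistent with the `Permission denied` on the `uploads` Mkdir once the account runs under a different UID/GID. The sketch below lists directories under a bucket path in which a given UID/GID could not create entries. It assumes plain owner/group/other mode bits (no ACLs, no supplementary groups, no root override), and the directory names are constructed.

```python
import os
import tempfile

NSFS_MKDIR_MODE = 504  # decimal value shown in the log as _mode=504, i.e. 0o770


def can_access(st, uid, gid, want):
    """POSIX class check: owner bits, else group bits, else other bits."""
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid == gid:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def blocked_dirs(bucket_path, uid, gid):
    """Directories under bucket_path where uid/gid lacks write+search (0o3)."""
    blocked = []
    for root, _dirs, _files in os.walk(bucket_path):
        if not can_access(os.lstat(root), uid, gid, 0o3):
            blocked.append(root)
    return sorted(blocked)


def demo():
    """Constructed tree: open bucket dir, internal dir left at mode 0o770."""
    with tempfile.TemporaryDirectory() as tmp:
        bucket = os.path.join(tmp, "my-bucket")
        internal = os.path.join(bucket, ".noobaa-nsfs_example")  # constructed name
        os.makedirs(internal)
        os.chmod(bucket, 0o777)
        os.chmod(internal, NSFS_MKDIR_MODE)
        st = os.lstat(internal)
        # "Old" identity is whoever created the tree; "new" is any other UID/GID.
        old = blocked_dirs(bucket, st.st_uid, st.st_gid)
        new = blocked_dirs(bucket, st.st_uid + 1000, st.st_gid + 1000)
        return ([os.path.basename(p) for p in old],
                [os.path.basename(p) for p in new])


if __name__ == "__main__":
    print(demo())
```

Running `blocked_dirs` against a real bucket path with the intended new UID/GID before an `account update` shows which directories would need an ownership or mode change first.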