[BUG] [transfer-pvc] Permission denied on uid-restricted directories causes silent data loss #213

@midays

Description

When migrating a stateful application (MongoDB) using crane transfer-pvc, directories on the source PVC owned by an application-specific uid (e.g. uid 999, the mongodb user) with 700 permissions are silently skipped by rsync. The destination pod starts with an empty database, with no clear indication to the user that data was not transferred.

Steps to reproduce

  1. Deploy MongoDB on source cluster via k8s-apps-deployer (or any deployment that runs MongoDB as uid 999)
  2. Insert test documents into the database
  3. Run crane transfer-pvc without any pre-steps
  4. Deploy MongoDB on dest cluster using the transferred PVC
  5. Query the database — collection is empty (count: 0)

Actual behavior

Status: Partially failed
Failed files:
  - /mnt/mongo/data/.mongodb [Permission denied (13)]
  - /mnt/mongo/data/_tmp [Permission denied (13)]
  - /mnt/mongo/data/diagnostic.data [Permission denied (13)]
  - /mnt/mongo/data/journal [Permission denied (13)]

Expected behavior

All files on the source PVC are transferred regardless of file ownership. The destination database contains all source data. This is how MTC/Velero handles the same scenario: Velero runs with elevated privileges and reads all files regardless of ownership without any user intervention.

Root cause

The rsync-server and rsync-client pods spawned by crane transfer-pvc run as uid 1000. MongoDB writes its data directories (journal/, _tmp/, diagnostic.data/, .mongodb/) as uid 999 with 700 (owner-only) permissions. rsync running as uid 1000 cannot read these directories and skips them silently.

Workaround

# Run as root on source PVC before transfer-pvc
chmod -R 755 <source-pvc-mount>
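
A read-only pre-flight check for the failure described in this issue, as an added example that is not part of the original report or of crane: it lists the paths under a source PVC mount that the rsync uid cannot read, without changing any modes. The function names are hypothetical, the default gid of 1000 is an assumption (the issue gives only the uid), and the check covers classic mode bits only, not ACLs or SELinux.

```python
import os
import stat
import sys


def can_read(st, uid, gids):
    """Classic Unix owner/group/other check (ignores ACLs and capabilities)."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    # A directory needs read + search (r-x) to be listed and descended into.
    need = 5 if stat.S_ISDIR(st.st_mode) else 4
    return bits & need == need


def unreadable_paths(root, uid=1000, gids=(1000,)):
    """Return sorted paths under root that `uid` cannot read.

    Run the scan as root or as the owning uid so it can traverse everything.
    Blocked directories are reported once and not descended into.
    """
    if not can_read(os.lstat(root), uid, gids):
        return [root]
    blocked = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in list(dirnames):
            path = os.path.join(dirpath, name)
            if not can_read(os.lstat(path), uid, gids):
                blocked.append(path)
                dirnames.remove(name)  # prune: rsync could not enter it either
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and not can_read(st, uid, gids):
                blocked.append(path)
    return sorted(blocked)


if __name__ == "__main__":
    # Usage: preflight.py <source-pvc-mount> [uid]; exit 1 if anything is blocked.
    mount = sys.argv[1] if len(sys.argv) > 1 else "."
    rsync_uid = int(sys.argv[2]) if len(sys.argv) > 2 else 1000
    found = unreadable_paths(mount, rsync_uid, (rsync_uid,))
    print("\n".join(found))
    sys.exit(1 if found else 0)
```

A non-zero exit before running transfer-pvc means the transfer would end as "Partially failed" for the listed paths.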
