On Tue, Mar 24, 2009 at 05:44:07PM -0400, Trond Myklebust wrote: > On Tue, 2009-03-24 at 16:10 -0400, J. Bruce Fields wrote: > > On Tue, Mar 24, 2009 at 02:56:25AM +0100, Alex Bremer wrote: > > > >> How do other people share public files with NFS4? If there is no other > > > >> way than setting the users's umask to 002, this would practically > > > >> limit the use of NFS4 to private shares like home directories. > > > > > > > > I don't understand why--can't you use the user-private-group trick?: ... > > > - we actually have directories where files should only be group readable. > > > > I don't get it--why not set an inheritable acl on those directories that > > permits only read to the group? > > That only works if the client actually respects the acl... I don't understand. ACL enforcement and inheritance are both done on the server side. The problem is just that the umask is applied on the client side. But if the umask is 002, and an inheritable ACL permits only read, then the result of inheritance and umask-application will be an ACL that permits reads (and only reads) to the group owner (and to any named users and groups). --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
