Here's a directory set up to be read-write by a group, with all files and subdirectories the same.

The directory is drwxrws---

Here's the NFSv4 ACL:

    A::OWNER@:rwaDxtTcCy
    A::GROUP@:rwaDxtcy
    A::EVERYONE@:tcy
    A:fdi:OWNER@:rwaDxtTcCy
    A:fdi:GROUP@:rwaDxtcy
    A:fdi:EVERYONE@:tcy

Of course you wouldn't set it that way. nfs4_setfacl understands RWX as a macro for all those bits.

On the server it's a POSIX ACL. Here it is:

    # file: big/main/projects/xxx
    # owner: xxx
    # group: xxx
    # flags: -s-
    user::rwx
    group::rwx
    other::---
    default:user::rwx
    default:group::rwx
    default:mask::rwx
    default:other::---

In fact in this case I set it on the server with setfacl, but it shouldn't matter.

The inheritance is done by the server for NFS v4.2. 4.0 and 4.1 don't quite work, because some key information isn't sent to the server.

On Linux, NFS v3 actually works. You can use setfacl on the client. The inherited properties are set by the client with an extra NFS set attribute call, because the NFS v3 protocol doesn't send enough information for the server to do it.

There's a problem. If users create new files and subdirectories, they get the right permissions. But if they copy files from somewhere else, the cp command preserves the permissions of the source file, ignoring the defaults. Given how people actually use Linux, this makes default permissions less useful than you'd expect.

------------------
From: Dan Shelton <dan.f.shelton@xxxxxxxxx>
Sent: Tuesday, March 12, 2024 6:14 PM
To: Linux NFS Mailing List <linux-nfs@xxxxxxxxxxxxxxx>
Subject: NFSv4.2 ACL inheritance, examples, and who does do it?

Hello!

1. Can someone give an example how NFSv4.2 ACL inheritance should work, e.g. multiple usage examples, for inheriting user access bits and multiple groups access bits set for a dir, and inherited by new files and dirs.

2. Who does the inheriting for new files and new dirs - the NFSv4.2 server, or the NFSv4.2 client?

Dan
--
Dan Shelton - Cluster Specialist Win/Lin/Bsd
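
The copy problem described in the reply above, modelled with the object-creation rules from acl(5); this is an added example and not part of the original thread. It assumes a copy is created with the source file's mode bits as its create mode, and the function names and sample modes are constructed for illustration.

```python
# Model of the object-creation rules in acl(5); an added illustration.
PERM_BITS = {"r": 4, "w": 2, "x": 1}

# Default ACL entries of the directory shown in the message above.
DEFAULT_ACL = """\
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---
"""

def parse_default_acl(text):
    """Return {(tag, qualifier): perm_bits} for the default: entries."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("default:"):
            continue
        tag, qualifier, perms = line[len("default:"):].split(":")
        acl[(tag, qualifier)] = sum(PERM_BITS[c] for c in perms if c != "-")
    return acl

def create(default_acl, mode):
    """Access ACL of a new object: inherit the default ACL, then strip from
    the owner, group-class and other entries any bit absent from `mode`.
    The umask is not consulted when a default ACL exists."""
    acl = dict(default_acl)
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, shift in ((("user", ""), 6), (group_class, 3), (("other", ""), 0)):
        acl[key] &= (mode >> shift) & 7
    return acl

def effective_group(acl):
    """Rights the owning group really has: group:: limited by mask::."""
    return acl[("group", "")] & acl.get(("mask", ""), 7)

def fmt(bits):
    return "".join(c if bits & PERM_BITS[c] else "-" for c in "rwx")

if __name__ == "__main__":
    d = parse_default_acl(DEFAULT_ACL)
    # Constructed cases: the create mode requested by the creating program.
    for label, mode in (("new file (0666)", 0o666), ("mkdir (0777)", 0o777),
                        ("copy of 0644 file", 0o644), ("copy of 0600 file", 0o600)):
        print(f"{label:20} group effective: {fmt(effective_group(create(d, mode)))}")
```

In this model the group:: entry of a copied file still reads rwx, but the mask is cut down to the source file's group bits, so checking only the group:: line of getfacl output misses the loss of write access.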