Re: POSIX acls over nfs4

[steve <steve@xxxxxxxxxxxx>]

Hi everyone
I'm sorry to bump this but I've tried the opensuse, ubuntu and samba 
lists without any luck.

The acls I have created are not inherited when exporting via nfs4. Can 
anyone help me with this? Tell me it can/can't be done? Versions of nfs 
to use? Details below.
Thanks,
Steve


On 02/19/2012 06:15 PM, steve wrote:
> On 18/02/12 21:08, steve wrote:
> > Hi
> > Is it possible for nfs4 to respect the acls I have setup on an ext4 
> > export?
> > Thanks,
> > Steve
> >
> > openSUSE 12.1
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Sorry, this is what I've tried so far:
>  cat /etc/exports
> /home 
> *(rw,no_root_squash,sec=none:sys:krb5:krb5i:krb5p,no_subtree_check,insecure)
>
> 1. Make a folder to share:
> hh3:/home/CACTUS # mkdir -m 770 dropbox
> hh3:/home/CACTUS # chown root:suseusers dropbox
>
> 2. Mount the share:
> hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
>
> 3. Look at the acls:
> nfs4_getfacl /mnt/CACTUS/dropbox
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A::EVERYONE@:tcy
>
> Set an acl so that members of suseusers have rw on the share:
> hh3:/home/CACTUS # nfs4_setfacl -a A:g:suseusers@xxxxxxxx:RW 
> /mnt/CACTUS/dropbox
>
> hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A:g:suseusers@xxxxxxxx:rwaDtcy
> A::EVERYONE@:tcy
>
> 4. Yes. Back in the unmounted directory, the acl + has appeared:
> hh3:/home/CACTUS # ls -la dropbox/
> total 8
> drwxrwx---+ 2 root suseusers 4096 Feb 19 10:55 .
> drwxr-xr-x  9 root root      4096 Feb 19 10:55 ..
>
> 5. On the mounted share, the acl is not visible. steve6 can create a 
> file but it is _not_ group rw:
> steve6@hh3:~> cd /mnt/CACTUS/dropbox/
> steve6@hh3:/mnt/CACTUS/dropbox> touch hola.txt
> steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> total 8
> drwxrwx--- 2 root   suseusers 4096 Feb 19 11:02 .
> drwxr-xr-x 9 root   root      4096 Feb 19 10:55 ..
> -rw-r--r-- 1 steve6 suseusers    0 Feb 19 11:02 hola.txt
>
> 6. Recreate the share but this time with a posix acl:
> setfacl -d -m g::rw /home/CACTUS/dropbox
> steve6@hh3:/home/CACTUS> touch dropbox/h
> steve6@hh3:/home/CACTUS> ls -la dropbox/
> total 8
> drwxrws---+ 2 root   suseusers 4096 Feb 19 11:13 .
> drwxr-xr-x  9 root   root      4096 Feb 19 11:11 ..
> -rw-rw----  1 steve6 suseusers    0 Feb 19 11:13 h
>
> Yes. Now when steve6 creates a file it _is_ group rw. = posix acl is 
> working.
>
> 7. Mount the new posix share and test again:
> hh3:/home/CACTUS #chmod g+s /home/CACTUS/dropbox
> hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
> hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A::EVERYONE@:tcy
> A:fdi:OWNER@:rwaDxtTcCy
> A:fdi:GROUP@:rwaDtcy
> A:fdi:EVERYONE@:tcy
>
> steve6@hh3:/mnt/CACTUS/dropbox> touch h2
> steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> total 8
> drwxrws--- 2 root   suseusers 4096 Feb 19 11:19 .
> drwxr-xr-x 9 root   root      4096 Feb 19 11:11 ..
> -rw-rw---- 1 steve6 suseusers    0 Feb 19 11:13 h
> -rw-r----- 1 steve6 suseusers    0 Feb 19 11:19 h2
> hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A::EVERYONE@:tcy
> A:fdi:OWNER@:rwaDxtTcCy
> A:fdi:GROUP@:rwaDtcy
> A:fdi:EVERYONE@:tcy
> hh3:/home/CACTUS # nfs4_setfacl -a A:fdi:GROUP@:RWX 
> /mnt/CACTUS/dropboxhh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A::EVERYONE@:tcy
> A:fdi:OWNER@:rwaDxtTcCy
> A:fdi:GROUP@:rwaDxtcy
> A:fdi:EVERYONE@:tcy
>
> steve6@hh3:/mnt/CACTUS/dropbox> touch h3
> steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> total 8
> drwxrws--- 2 root   suseusers 4096 Feb 19 11:21 .
> drwxr-xr-x 9 root   root      4096 Feb 19 11:11 ..
> -rw-rw---- 1 steve6 suseusers    0 Feb 19 11:13 h
> -rw-r----- 1 steve6 suseusers    0 Feb 19 11:19 h2
> -rw-r----- 1 steve6 suseusers    0 Feb 19 11:21 h3
>
> Still no group rw on created files. = nfs4 acl is not working as 
> expected.
>
> Workaround. Get the out the big hammer:
> #!/bin/sh
> while true; do $(chmod -R g+w /home/CACTUS/dropbox); sleep 2; done
>
> Question:
> What am I missing? How do I set files created on an nfs4 share to take 
> group rw?
>
> Thanks,
> Steve
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html