RE: POSIX acls over nfs4

<tao.peng@xxxxxxx> · Thu, 23 Feb 2012 03:33:35 -0500



> -----Original Message-----
> From: linux-nfs-owner@xxxxxxxxxxxxxxx [mailto:linux-nfs-owner@xxxxxxxxxxxxxxx] On Behalf Of steve
> Sent: Thursday, February 23, 2012 3:15 PM
> To: linux-nfs@xxxxxxxxxxxxxxx
> Subject: Re: POSIX acls over nfs4
> 
> Hi everyone
> I'm sorry to bump this but I've tried the opensuse, ubuntu and samba
> lists without any luck.
Not reading the details in your setup, but maybe following summary can help you a bit.
http://www.suse.de/~agruen/acl/linux-acls/online/

Cheers,
Tao
> 
> The acls I have created are not inherited when exporting via nfs4. Can
> anyone help me with this? Tell me it can/can't be done? Versions of nfs
> to use? Details below.
> Thanks,
> Steve
> 
> 
> On 02/19/2012 06:15 PM, steve wrote:
> > On 18/02/12 21:08, steve wrote:
> >> Hi
> >> Is it possible for nfs4 to respect the acls I have setup on an ext4
> >> export?
> >> Thanks,
> >> Steve
> >>
> >> openSUSE 12.1
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> >> the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Sorry, this is what I've tried so far:
> >  cat /etc/exports
> > /home
> > *(rw,no_root_squash,sec=none:sys:krb5:krb5i:krb5p,no_subtree_check,insecure)
> >
> > 1. Make a folder to share:
> > hh3:/home/CACTUS # mkdir -m 770 dropbox
> > hh3:/home/CACTUS # chown root:suseusers dropbox
> >
> > 2. Mount the share:
> > hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
> >
> > 3. Look at the acls:
> > nfs4_getfacl /mnt/CACTUS/dropbox
> > A::OWNER@:rwaDxtTcCy
> > A::GROUP@:rwaDxtcy
> > A::EVERYONE@:tcy
> >
> > Set an acl so that members of suseusers have rw on the share:
> > hh3:/home/CACTUS # nfs4_setfacl -a A:g:suseusers@xxxxxxxx:RW
> > /mnt/CACTUS/dropbox
> >
> > hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> > A::OWNER@:rwaDxtTcCy
> > A::GROUP@:rwaDxtcy
> > A:g:suseusers@xxxxxxxx:rwaDtcy
> > A::EVERYONE@:tcy
> >
> > 4. Yes. Back in the unmounted directory, the acl + has appeared:
> > hh3:/home/CACTUS # ls -la dropbox/
> > total 8
> > drwxrwx---+ 2 root suseusers 4096 Feb 19 10:55 .
> > drwxr-xr-x  9 root root      4096 Feb 19 10:55 ..
> >
> > 5. On the mounted share, the acl is not visible. steve6 can create a
> > file but it is _not_ group rw:
> > steve6@hh3:~> cd /mnt/CACTUS/dropbox/
> > steve6@hh3:/mnt/CACTUS/dropbox> touch hola.txt
> > steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> > total 8
> > drwxrwx--- 2 root   suseusers 4096 Feb 19 11:02 .
> > drwxr-xr-x 9 root   root      4096 Feb 19 10:55 ..
> > -rw-r--r-- 1 steve6 suseusers    0 Feb 19 11:02 hola.txt
> >
> > 6. Recreate the share but this time with a posix acl:
> > setfacl -d -m g::rw /home/CACTUS/dropbox
> > steve6@hh3:/home/CACTUS> touch dropbox/h
> > steve6@hh3:/home/CACTUS> ls -la dropbox/
> > total 8
> > drwxrws---+ 2 root   suseusers 4096 Feb 19 11:13 .
> > drwxr-xr-x  9 root   root      4096 Feb 19 11:11 ..
> > -rw-rw----  1 steve6 suseusers    0 Feb 19 11:13 h
> >
> > Yes. Now when steve6 creates a file it _is_ group rw. = posix acl is
> > working.
> >
> > 7. Mount the new posix share and test again:
> > hh3:/home/CACTUS #chmod g+s /home/CACTUS/dropbox
> > hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
> > hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> > A::OWNER@:rwaDxtTcCy
> > A::GROUP@:rwaDxtcy
> > A::EVERYONE@:tcy
> > A:fdi:OWNER@:rwaDxtTcCy
> > A:fdi:GROUP@:rwaDtcy
> > A:fdi:EVERYONE@:tcy
> >
> > steve6@hh3:/mnt/CACTUS/dropbox> touch h2
> > steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> > total 8
> > drwxrws--- 2 root   suseusers 4096 Feb 19 11:19 .
> > drwxr-xr-x 9 root   root      4096 Feb 19 11:11 ..
> > -rw-rw---- 1 steve6 suseusers    0 Feb 19 11:13 h
> > -rw-r----- 1 steve6 suseusers    0 Feb 19 11:19 h2
> > hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> > A::OWNER@:rwaDxtTcCy
> > A::GROUP@:rwaDxtcy
> > A::EVERYONE@:tcy
> > A:fdi:OWNER@:rwaDxtTcCy
> > A:fdi:GROUP@:rwaDtcy
> > A:fdi:EVERYONE@:tcy
> > hh3:/home/CACTUS # nfs4_setfacl -a A:fdi:GROUP@:RWX
> > /mnt/CACTUS/dropboxhh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> > A::OWNER@:rwaDxtTcCy
> > A::GROUP@:rwaDxtcy
> > A::EVERYONE@:tcy
> > A:fdi:OWNER@:rwaDxtTcCy
> > A:fdi:GROUP@:rwaDxtcy
> > A:fdi:EVERYONE@:tcy
> >
> > steve6@hh3:/mnt/CACTUS/dropbox> touch h3
> > steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> > total 8
> > drwxrws--- 2 root   suseusers 4096 Feb 19 11:21 .
> > drwxr-xr-x 9 root   root      4096 Feb 19 11:11 ..
> > -rw-rw---- 1 steve6 suseusers    0 Feb 19 11:13 h
> > -rw-r----- 1 steve6 suseusers    0 Feb 19 11:19 h2
> > -rw-r----- 1 steve6 suseusers    0 Feb 19 11:21 h3
> >
> > Still no group rw on created files. = nfs4 acl is not working as
> > expected.
> >
> > Workaround. Get the out the big hammer:
> > #!/bin/sh
> > while true; do $(chmod -R g+w /home/CACTUS/dropbox); sleep 2; done
> >
> > Question:
> > What am I missing? How do I set files created on an nfs4 share to take
> > group rw?
> >
> > Thanks,
> > Steve
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

��.n��������+%������w��{.n�����{��w���jg��������ݢj����G�������j:+v���w�m������w�������h�����٥