On Sat, Feb 25, 2012 at 09:19:37AM +0100, steve wrote:
> On 23/02/12 17:08, steve wrote:
> >On 02/23/2012 04:42 PM, J. Bruce Fields wrote:
> >>>>First, if you want an ace on a directory to be inherited by files and
> >>>>directories created under that directory, make sure you're setting
> >>>>the f and d flags (see nfs4_getfacl -H).
> >>>>
> >>>>Second, there's a umask problem: posix acl inheritance overrides the
> >>>>umask, but nfs4 acl inheritance isn't doing that. (The client combines
> >>>>the create mode and the umask and sets both together, there's no way
> >>>>for the server to even tell what the umask is.)
> >>>>
> >>>>(We should do something about this if we can: maybe modifying the
> >>>>client to scan the directory acl for any inheritable aces and leaving
> >>>>out the umask if they're found? It has the obvious race, but I seem to
> >>>>recall we live with that in the v3 case. Or maybe there's something more
> >>>>clever, but this comes up every now and then and I can't remember a
> >>>>better solution.)
> >>>>
>
> Hi everyone
>
> This really is a show stopper for us.
>
> Would it be possible to give users the choice of being able to
> disable nfs4 acls so we can fall back to POSIX or nt acls? Or at
> least until the nfs4 team have had time to consider the situation?

The NFSv4 protocol has no support for posix acls, so this isn't an
option; possibly you're best off with v3 for some reason. (Why the
migration to v4?)

--b.

>
> Mounting with -o nofacl in the hope that the POSIX acl set on the
> unmounted directory would take effect, seems to have no effect.
>
> What I'm doing at the moment is scanning the unmounted directory
> every few seconds using 'find' and changing the files to g+rw:-(
>
> Thanks,
> Steve
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html