I can't pretend to be familiar with solaris acls, but I have looked at the linux client while implementing partial acl support in ganesha. Following are my answers based on that: > On Fri, Nov 22, 2013 at 11:34:04AM -0800, Tim Rafert wrote: > > Looking for assistance if the following are REAL issues or expected behavior using NFSv4 ACL (on linux ol6 and interoperating with solaris). Thanks in advance. > > > > 1) Is there a max # of entries that can be stored in an ACL? If so - what is it (or is dependent on the device)? I don't see any mention of maximum in rfc5661. I'm pretty sure this should be "device dependent", with some vague notion of "slightly unreasonably large". > > > > 2) Is it up to my own implementation instead of the "NFS Client" on the OS to try and keep the ACLs clean/organized/etc? See my next question for further clarification I belive it's mostly an application/user responsibility to keep the acl clean. If the NFS acl is set indirectly, then whatever does that could change stuff. There's some complicated wording about trying to preserve as much of what the user sets as possible (such as permitting things to "BATCH@") while not pretending to do anything one can't do. Most of the excuses to do something indirectly with the acl have to do with posix acls or unix mode bits. > > > > 3) If a user adds the same ACE into an ACL multiple times - then it is actually added multiple times? For example: Should be. Or at least I wouldn't think the server should be attempting to do this gratuitously. Certainly any change that changes the semantics of the list is bad. I believe if you have only 'allow' entries, you can in fact reorder without changing the semantics, but as soon as there's any 'deny' entries, it gets messy. > > > > 4) ACL "caching" - it appears that if from one client-host - a user alters the ACL and then from another client-host - a user also alters the ACL - then one of the alterations can be lost (if they are within a minute or some cache timeframe). For example: I have seen weird stuff with caching and acls. In my case I traced most of it down to bad server logic, but I certainly believe the linux client can report something different than what's actually on the server. If the server is rewriting acls, that certainly sounds like it could cause visible caching artifacts. Another complication is that the linux userland nfs4 tool sometimes hides bits, so what you set and what's stored and returned, is not in fact what you see. ... -Marcus Watts -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html