Hi Bruce, On Mon, Jun 15, 2020 at 10:50:35AM -0400, J. Bruce Fields wrote: > On Sat, Jun 13, 2020 at 11:45:27AM -0700, Elliott Mitchell wrote: > > I disagree with this assessment. All of the reporters have been using > > ZFS, but this could indicate an absence of testers using other > > filesystems. We need someone with a NFS server which has a 4.15+ kernel > > and uses a different filesystem which supports ACLs. > > Honestly I don't think I currently have a regression test for this so > it's possible I could have missed something upstream. I haven't seen > any reports, though.... > > ZFS's ACL implementation is very different from any in-tree > filesystem's, and given limited time, a filesystem with no prospect of > going upstream isn't going to get much attention, so, yes, I'd need to > see a reproducer on xfs or ext4 or something. I think the following is reproducible on a ext4 exported share (with underlying filesystem mounted with noacl to mimic the suspect from the reporter). I tested the same with an older kernel from Debian stretch (running 4.9.210-1+deb9u1) but this does not show the same behaviour. The current test system is running 5.6.14-2 Debian kernel (so 5.6.14). 1/ Create an ext4 filesystem: # mkfs.ext4 /dev/vdb1 2/ Mount the filesystem with noacl (to mimic the situation): /dev/vdb1 /srv/data ext4 defaults,noacl 0 0 root@nfs-test:~# mount | grep vdb1 /dev/vdb1 on /srv/data type ext4 (rw,relatime,noacl) 3/ Export with /srv/data 192.168.122.1/24(rw,sync,no_subtree_check,no_root_squash) 4/ Reproduce the issue root@nfs-test:~# mount -t nfs 192.168.122.150:/srv/data /mnt root@nfs-test:~# mkdir /mnt/foo && ls -ld /mnt/foo && rmdir /mnt/foo drwxrwxrwx 2 root root 4096 Jun 15 20:24 /mnt/foo root@nfs-test:~# mount | grep data /dev/vdb1 on /srv/data type ext4 (rw,relatime,noacl) 192.168.122.150:/srv/data on /mnt type nfs4 (rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.122.150,local_lock=none,addr=192.168.122.150) root@nfs-test:~# umount /mnt Looking at a wireshark captured sniff, the situation was the same as in the previous ZFS case, in the gettattr from the client and the server does indicate support for the new mode_umask. Then later in the CREATE operation, the client sets the mode_umask attribute, with mode part set to '0777' and umask to '022'. The mode replied is then as well '0777'. Notabene: if not mounting the filesystem with noacl, then there is no observed behaviour change here. Regards, Salvatore