Re: NFSv4.1 ACL reference implementation

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: "McEvoy, James" <james.mcevoy@hp.com>
Cc: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"Fernandez, Roselle N" <roselle.fernandez@hp.com>,
	"Palanisamy, Nandesh" <nandesh.palanisamy@hp.com>
Subject: Re: NFSv4.1 ACL reference implementation
Date: Wed, 30 Jul 2014 14:21:01 -0400	[thread overview]
Message-ID: <20140730182101.GJ26316@fieldses.org> (raw)
In-Reply-To: <6301806E96421841896741228C6B1A2764A7DEB1@G4W3216.americas.hpqcorp.net>

On Wed, Jul 30, 2014 at 06:15:37PM +0000, McEvoy, James wrote:
> 
> 
> > -----Original Message-----
> > From: linux-nfs-owner@vger.kernel.org [mailto:linux-nfs-
> > owner@vger.kernel.org] On Behalf Of J. Bruce Fields
> > Sent: Wednesday, July 30, 2014 11:06 AM
> > To: McEvoy, James
> > Cc: linux-nfs@vger.kernel.org
> > Subject: Re: NFSv4.1 ACL reference implementation
> > 
> > On Wed, Jul 30, 2014 at 05:08:25PM +0000, McEvoy, James wrote:
> > > We are implementing NFSv4.1 ACLs in the filesystem mostly to support
> > > SMB/CIFS but I am seeing some strange behavior with ACL group
> > > inheritance on children/grand-children using the nfs4_setfacl and
> > > nfs4_getfacl on the parent directory.  The problems are mostly with
> > > inheritance on the @OWNER and @GROUP ACEs...
> > 
> > The usual problem is that the umask is applied.
> 
> Where can I find the proper behavior between umask and inheritance? 

For "posix" ACLs on local linux filesystems, the umask is just ignored
in the case where we're creating a new file in a directory with
default (inheritable) ACLs.

In the v4 case that doesn't happen.  I think this probably a bug that
needs to be fixed, but I'm not sure how.

--b.

> > > What I am looking for is a reference that I can use to validate ACL
> > > inheritance behavior. Is there a distro that has a filesystem which
> > > supports
> > > NFSv4 ACLs?  Or ideally an rpm that I could install on a CentOS6 VM.
> > > I have tried using the richacl mount option on OpenSUSE 13.1 but the
> > > nfs4_getfacl command returns:
> > > "Operation to request attribute not supported."
> > > The fstab entry to mount the filesystem is:
> > > /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0-part3 \
> > > 	/home	ext4	acl,richacl,user_xattr 1 2
> > >
> > > Do you have any recommendations as to what and how I can install a
> > > filesystem that supports nfsv4 ACLs?
> > 
> > No, they all just do "posix" acls and nfsd tries to translate.
> > 
> > But the umask issue is somewhat of a separate issue.
> > 
> > --b.
> > 
> > >
> > >   --jim
> > >
> > > > -----Original Message-----
> > > > From: linux-nfs-owner@vger.kernel.org [mailto:linux-nfs-
> > > > owner@vger.kernel.org] On Behalf Of J. Bruce Fields
> > > > Sent: Tuesday, July 29, 2014 2:09 PM
> > > > To: McEvoy, James
> > > > Cc: linux-nfs@vger.kernel.org
> > > > Subject: Re: NFSv4.1 ACL reference implementation
> > > >
> > > > On Tue, Jul 29, 2014 at 07:18:03PM +0000, McEvoy, James wrote:
> > > > > Is there a working NFSv4.1 reference implementation available and
> > > > > are there
> > > > any instructs on how to build/install it?
> > > >
> > > > I don't recall seeing any, no.
> > > >
> > > > (Most NFSv4.0 ACL implementations should still be perfectly
> > > > compliant with the
> > > > NFSv4.1 spec too as far as I know.  But I don't know of any
> > > > implementations of the ACL features that are new to RFC 5661.  Is
> > > > there any particular feature that you're interested in?)
> > > >
> > > > --b.
> > > > --
> > > > To unsubscribe from this list: send the line "unsubscribe linux-nfs"
> > > > in the body of a message to majordomo@vger.kernel.org More majordomo
> > > > info at http://vger.kernel.org/majordomo-info.html
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of
> > a message to majordomo@vger.kernel.org More majordomo info at
> > http://vger.kernel.org/majordomo-info.html

     prev parent reply	other threads:[~2014-07-30 18:21 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-07-29 19:18 NFSv4.1 ACL reference implementation McEvoy, James
2014-07-29 21:09 ` J. Bruce Fields
2014-07-30 17:08   ` McEvoy, James
2014-07-30 18:05     ` J. Bruce Fields
2014-07-30 18:15       ` McEvoy, James
2014-07-30 18:21         ` J. Bruce Fields [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140730182101.GJ26316@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=james.mcevoy@hp.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=nandesh.palanisamy@hp.com \
    --cc=roselle.fernandez@hp.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.