From: Robert Marcano <robert@marcanoonline.com>
To: linux-nfs@vger.kernel.org
Subject: Re: NFSv4 / POSIX ACL mapping bug?
Date: Tue, 26 Jul 2011 14:59:08 -0430 [thread overview]
Message-ID: <4E2F1584.60901@marcanoonline.com> (raw)
In-Reply-To: <D7BF98E9-394A-4364-8124-1E39BEBE85DC@netapp.com>
On 07/26/2011 02:03 PM, Andy Adamson wrote:
> Hi
>
> Which client, which server (distro and uname -a output) did you use? Also, what commands (setfacl,getfacl? nfs4_setfacl, nfs4_getfacl ? plus version) and parameters did you use?
Thanks, here is the missing data
NFS Server:
CentOS release 5.6
Linux *** 2.6.18-238.9.1.el5 #1 SMP Tue Apr 12 18:10:13 EDT 2011
x86_64 x86_64 x86_64 GNU/Linux
Client:
Fedora 15
Linux *** 2.6.38.7-30.fc15.i686.PAE #1 SMP Fri May 27 05:44:56 UTC
2011 i686 i686 i386 GNU/Linux
The acls are POSIX ACLs assigned server side
=================================================
Commands on the CentOS NFS server:
not on the NFS mounted directory but on the source filesystem that is
exported, using root
=================================================
# umask 022
# mkdir directory
# setfacl -m d:g:sharedgroup:rwx directory
# setfacl -m g:sharedgroup:rwx directory
# touch directory/server
# getfacl directory/server
# file: directory/server
# owner: root
# group: root
user::rw-
group::r-x #effective:r--
group:sharedgroup:rwx #effective:rw-
mask::rw-
other::r--
=================================================
Commands on the Fedora NFS client:
using a non root user (a Kerberos authenticated user in our setup named
test)
=================================================
$ umask 022
$ touch directory/client
=================================================
Commands on the CentOS NFS server:
=================================================
# getfacl directory/client
# file: directory/client
# owner: test
# group: ipausers
user::rw-
group::r-x #effective:r--
group:sharedgroup:rwx #effective:r--
mask::r--
other::r--
When the file is created locally it gets the default ACL from
"directory" with mask "mask::rw-"
Thanks in advance
>
> -->Andy
> On Jul 26, 2011, at 10:43 AM, Robert Marcano wrote:
>
>> Hi, This question is probably too simple for this nfs developer list, but I am intrigued to know if this is a bug or not, I do not find any other reference to anyone with this problem
>>
>> Ineed some help clarifying this issue in order to know if this is a bug or limits of the NFSv4 / POSIX ACL mapping before reporting it
>>
>> Creating a directory on the server with the following POSIX ACLs, rwx for the group "sharedgroup" and same defaults:
>>
>> ############################################################
>> # file: directory
>> # owner: root
>> # group: root
>> user::rwx
>> group::r-x
>> group:sharedgroup:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:group::r-x
>> default:group:sharedgroup:rwx
>> default:mask::rwx
>> default:other::---
>> ############################################################
>>
>> Creating files with the same user with umask 022 on the server an on the NFS client, the files do not get the same POSIX ACL mask:
>>
>> ############################################################
>> # file: client
>> # owner: test
>> # group: testgroup
>> user::rw-
>> group::r-x #effective:r--
>> group:sharedgroup:rwx #effective:r--
>> mask::r--
>> other::r--
>>
>> # file: server
>> # owner: test
>> # group: testgroup
>> user::rw-
>> group::r-x #effective:r--
>> group:sharedgroup:rwx #effective:rw-
>> mask::rw-
>> other::r--
>> ############################################################
>>
>> Is this normal or a bug?, My interpretation is that even that the mapping of the ACLs is not 100% perfect this simple example should not be a problem. Is it impossible using NFS to create a shared directory for a group of users?
>>
>> Thanks in advance
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2011-07-26 19:29 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-26 14:43 NFSv4 / POSIX ACL mapping bug? Robert Marcano
2011-07-26 18:33 ` Andy Adamson
2011-07-26 19:29 ` Robert Marcano [this message]
2011-07-26 19:33 ` Robert Marcano
2011-07-27 15:18 ` NFSv4 / POSIX ACL mapping bug? (more tests) Robert Marcano
2011-07-27 15:47 ` NFSv4 / POSIX ACL mapping bug? J. Bruce Fields
2011-07-27 16:17 ` Robert Marcano
2011-07-28 4:13 ` Vladimir Elisseev
2011-08-02 1:09 ` J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2011-07-26 16:35 Robert Marcano
[not found] ` <4E2EECE9.3080500-3g6LKK052cRzu6KWmfFNGwC/G2K4zDHf@public.gmane.org>
2011-07-26 18:09 ` Robert Marcano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E2F1584.60901@marcanoonline.com \
--to=robert@marcanoonline.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.