From: steve <steve@steve-ss.com>
To: linux-nfs@vger.kernel.org
Subject: Re: POSIX acls over nfs4
Date: Sun, 19 Feb 2012 18:15:27 +0100 [thread overview]
Message-ID: <4F412E2F.9070200@steve-ss.com> (raw)
In-Reply-To: <4F40053A.3090301@steve-ss.com>
On 18/02/12 21:08, steve wrote:
> Hi
> Is it possible for nfs4 to respect the acls I have setup on an ext4
> export?
> Thanks,
> Steve
>
> openSUSE 12.1
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Sorry, this is what I've tried so far:
cat /etc/exports
/home
*(rw,no_root_squash,sec=none:sys:krb5:krb5i:krb5p,no_subtree_check,insecure)
1. Make a folder to share:
hh3:/home/CACTUS # mkdir -m 770 dropbox
hh3:/home/CACTUS # chown root:suseusers dropbox
2. Mount the share:
hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
3. Look at the acls:
nfs4_getfacl /mnt/CACTUS/dropbox
A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A::EVERYONE@:tcy
Set an acl so that members of suseusers have rw on the share:
hh3:/home/CACTUS # nfs4_setfacl -a A:g:suseusers@hh3.site:RW
/mnt/CACTUS/dropbox
hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A:g:suseusers@hh3.site:rwaDtcy
A::EVERYONE@:tcy
4. Yes. Back in the unmounted directory, the acl + has appeared:
hh3:/home/CACTUS # ls -la dropbox/
total 8
drwxrwx---+ 2 root suseusers 4096 Feb 19 10:55 .
drwxr-xr-x 9 root root 4096 Feb 19 10:55 ..
5. On the mounted share, the acl is not visible. steve6 can create a
file but it is _not_ group rw:
steve6@hh3:~> cd /mnt/CACTUS/dropbox/
steve6@hh3:/mnt/CACTUS/dropbox> touch hola.txt
steve6@hh3:/mnt/CACTUS/dropbox> ls -la
total 8
drwxrwx--- 2 root suseusers 4096 Feb 19 11:02 .
drwxr-xr-x 9 root root 4096 Feb 19 10:55 ..
-rw-r--r-- 1 steve6 suseusers 0 Feb 19 11:02 hola.txt
6. Recreate the share but this time with a posix acl:
setfacl -d -m g::rw /home/CACTUS/dropbox
steve6@hh3:/home/CACTUS> touch dropbox/h
steve6@hh3:/home/CACTUS> ls -la dropbox/
total 8
drwxrws---+ 2 root suseusers 4096 Feb 19 11:13 .
drwxr-xr-x 9 root root 4096 Feb 19 11:11 ..
-rw-rw---- 1 steve6 suseusers 0 Feb 19 11:13 h
Yes. Now when steve6 creates a file it _is_ group rw. = posix acl is
working.
7. Mount the new posix share and test again:
hh3:/home/CACTUS #chmod g+s /home/CACTUS/dropbox
hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rwaDtcy
A:fdi:EVERYONE@:tcy
steve6@hh3:/mnt/CACTUS/dropbox> touch h2
steve6@hh3:/mnt/CACTUS/dropbox> ls -la
total 8
drwxrws--- 2 root suseusers 4096 Feb 19 11:19 .
drwxr-xr-x 9 root root 4096 Feb 19 11:11 ..
-rw-rw---- 1 steve6 suseusers 0 Feb 19 11:13 h
-rw-r----- 1 steve6 suseusers 0 Feb 19 11:19 h2
hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rwaDtcy
A:fdi:EVERYONE@:tcy
hh3:/home/CACTUS # nfs4_setfacl -a A:fdi:GROUP@:RWX
/mnt/CACTUS/dropboxhh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rwaDxtcy
A:fdi:EVERYONE@:tcy
steve6@hh3:/mnt/CACTUS/dropbox> touch h3
steve6@hh3:/mnt/CACTUS/dropbox> ls -la
total 8
drwxrws--- 2 root suseusers 4096 Feb 19 11:21 .
drwxr-xr-x 9 root root 4096 Feb 19 11:11 ..
-rw-rw---- 1 steve6 suseusers 0 Feb 19 11:13 h
-rw-r----- 1 steve6 suseusers 0 Feb 19 11:19 h2
-rw-r----- 1 steve6 suseusers 0 Feb 19 11:21 h3
Still no group rw on created files. = nfs4 acl is not working as expected.
Workaround. Get the out the big hammer:
#!/bin/sh
while true; do $(chmod -R g+w /home/CACTUS/dropbox); sleep 2; done
Question:
What am I missing? How do I set files created on an nfs4 share to take
group rw?
Thanks,
Steve
next prev parent reply other threads:[~2012-02-19 17:15 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-18 20:08 POSIX acls over nfs4 steve
2012-02-19 17:15 ` steve [this message]
2012-02-23 7:15 ` steve
2012-02-23 8:33 ` tao.peng
2012-02-23 12:50 ` steve
2012-02-23 11:39 ` Jeff Layton
2012-02-23 11:53 ` steve
2012-02-23 14:40 ` J. Bruce Fields
2012-02-23 15:33 ` steve
2012-02-23 15:42 ` J. Bruce Fields
2012-02-23 16:08 ` steve
2012-02-25 8:19 ` steve
2012-02-28 20:05 ` J. Bruce Fields
2012-02-28 23:22 ` steve
2012-02-29 12:44 ` J. Bruce Fields
2012-02-29 14:04 ` steve
2012-02-29 14:09 ` J. Bruce Fields
2012-02-29 14:26 ` steve
2012-02-29 14:32 ` J. Bruce Fields
2012-02-29 14:40 ` steve
2012-03-01 20:56 ` J. Bruce Fields
2012-03-01 22:11 ` steve
2012-03-02 18:03 ` J. Bruce Fields
2012-02-28 20:00 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F412E2F.9070200@steve-ss.com \
--to=steve@steve-ss.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).