Re: POSIX acls over nfs4

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: steve <steve@steve-ss.com>
To: linux-nfs@vger.kernel.org
Subject: Re: POSIX acls over nfs4
Date: Thu, 23 Feb 2012 08:15:26 +0100	[thread overview]
Message-ID: <4F45E78E.8050501@steve-ss.com> (raw)
In-Reply-To: <4F412E2F.9070200@steve-ss.com>

Hi everyone
I'm sorry to bump this but I've tried the opensuse, ubuntu and samba 
lists without any luck.

The acls I have created are not inherited when exporting via nfs4. Can 
anyone help me with this? Tell me it can/can't be done? Versions of nfs 
to use? Details below.
Thanks,
Steve


On 02/19/2012 06:15 PM, steve wrote:
> On 18/02/12 21:08, steve wrote:
>> Hi
>> Is it possible for nfs4 to respect the acls I have setup on an ext4 
>> export?
>> Thanks,
>> Steve
>>
>> openSUSE 12.1
>> -- 
>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Sorry, this is what I've tried so far:
>  cat /etc/exports
> /home 
> *(rw,no_root_squash,sec=none:sys:krb5:krb5i:krb5p,no_subtree_check,insecure)
>
> 1. Make a folder to share:
> hh3:/home/CACTUS # mkdir -m 770 dropbox
> hh3:/home/CACTUS # chown root:suseusers dropbox
>
> 2. Mount the share:
> hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
>
> 3. Look at the acls:
> nfs4_getfacl /mnt/CACTUS/dropbox
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A::EVERYONE@:tcy
>
> Set an acl so that members of suseusers have rw on the share:
> hh3:/home/CACTUS # nfs4_setfacl -a A:g:suseusers@hh3.site:RW 
> /mnt/CACTUS/dropbox
>
> hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A:g:suseusers@hh3.site:rwaDtcy
> A::EVERYONE@:tcy
>
> 4. Yes. Back in the unmounted directory, the acl + has appeared:
> hh3:/home/CACTUS # ls -la dropbox/
> total 8
> drwxrwx---+ 2 root suseusers 4096 Feb 19 10:55 .
> drwxr-xr-x  9 root root      4096 Feb 19 10:55 ..
>
> 5. On the mounted share, the acl is not visible. steve6 can create a 
> file but it is _not_ group rw:
> steve6@hh3:~> cd /mnt/CACTUS/dropbox/
> steve6@hh3:/mnt/CACTUS/dropbox> touch hola.txt
> steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> total 8
> drwxrwx--- 2 root   suseusers 4096 Feb 19 11:02 .
> drwxr-xr-x 9 root   root      4096 Feb 19 10:55 ..
> -rw-r--r-- 1 steve6 suseusers    0 Feb 19 11:02 hola.txt
>
> 6. Recreate the share but this time with a posix acl:
> setfacl -d -m g::rw /home/CACTUS/dropbox
> steve6@hh3:/home/CACTUS> touch dropbox/h
> steve6@hh3:/home/CACTUS> ls -la dropbox/
> total 8
> drwxrws---+ 2 root   suseusers 4096 Feb 19 11:13 .
> drwxr-xr-x  9 root   root      4096 Feb 19 11:11 ..
> -rw-rw----  1 steve6 suseusers    0 Feb 19 11:13 h
>
> Yes. Now when steve6 creates a file it _is_ group rw. = posix acl is 
> working.
>
> 7. Mount the new posix share and test again:
> hh3:/home/CACTUS #chmod g+s /home/CACTUS/dropbox
> hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
> hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A::EVERYONE@:tcy
> A:fdi:OWNER@:rwaDxtTcCy
> A:fdi:GROUP@:rwaDtcy
> A:fdi:EVERYONE@:tcy
>
> steve6@hh3:/mnt/CACTUS/dropbox> touch h2
> steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> total 8
> drwxrws--- 2 root   suseusers 4096 Feb 19 11:19 .
> drwxr-xr-x 9 root   root      4096 Feb 19 11:11 ..
> -rw-rw---- 1 steve6 suseusers    0 Feb 19 11:13 h
> -rw-r----- 1 steve6 suseusers    0 Feb 19 11:19 h2
> hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A::EVERYONE@:tcy
> A:fdi:OWNER@:rwaDxtTcCy
> A:fdi:GROUP@:rwaDtcy
> A:fdi:EVERYONE@:tcy
> hh3:/home/CACTUS # nfs4_setfacl -a A:fdi:GROUP@:RWX 
> /mnt/CACTUS/dropboxhh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rwaDxtcy
> A::EVERYONE@:tcy
> A:fdi:OWNER@:rwaDxtTcCy
> A:fdi:GROUP@:rwaDxtcy
> A:fdi:EVERYONE@:tcy
>
> steve6@hh3:/mnt/CACTUS/dropbox> touch h3
> steve6@hh3:/mnt/CACTUS/dropbox> ls -la
> total 8
> drwxrws--- 2 root   suseusers 4096 Feb 19 11:21 .
> drwxr-xr-x 9 root   root      4096 Feb 19 11:11 ..
> -rw-rw---- 1 steve6 suseusers    0 Feb 19 11:13 h
> -rw-r----- 1 steve6 suseusers    0 Feb 19 11:19 h2
> -rw-r----- 1 steve6 suseusers    0 Feb 19 11:21 h3
>
> Still no group rw on created files. = nfs4 acl is not working as 
> expected.
>
> Workaround. Get the out the big hammer:
> #!/bin/sh
> while true; do $(chmod -R g+w /home/CACTUS/dropbox); sleep 2; done
>
> Question:
> What am I missing? How do I set files created on an nfs4 share to take 
> group rw?
>
> Thanks,
> Steve
>
> -- 
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2012-02-23  7:15 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-18 20:08 POSIX acls over nfs4 steve
2012-02-19 17:15 ` steve
2012-02-23  7:15   ` steve [this message]
2012-02-23  8:33     ` tao.peng
2012-02-23 12:50       ` steve
2012-02-23 11:39     ` Jeff Layton
2012-02-23 11:53       ` steve
2012-02-23 14:40         ` J. Bruce Fields
2012-02-23 15:33           ` steve
2012-02-23 15:42             ` J. Bruce Fields
2012-02-23 16:08               ` steve
2012-02-25  8:19                 ` steve
2012-02-28 20:05                   ` J. Bruce Fields
2012-02-28 23:22                     ` steve
2012-02-29 12:44                       ` J. Bruce Fields
2012-02-29 14:04                         ` steve
2012-02-29 14:09                           ` J. Bruce Fields
2012-02-29 14:26                             ` steve
2012-02-29 14:32                               ` J. Bruce Fields
2012-02-29 14:40                                 ` steve
2012-03-01 20:56                                   ` J. Bruce Fields
2012-03-01 22:11                                     ` steve
2012-03-02 18:03                                       ` J. Bruce Fields
2012-02-28 20:00                 ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F45E78E.8050501@steve-ss.com \
    --to=steve@steve-ss.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).