From: steve <steve@steve-ss.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Jeff Layton <jlayton@poochiereds.net>, linux-nfs@vger.kernel.org
Subject: Re: POSIX acls over nfs4
Date: Wed, 29 Feb 2012 15:40:39 +0100
Message-ID: <4F4E38E7.6060308@steve-ss.com>
In-Reply-To: <20120229143236.GB3007@fieldses.org>

On 02/29/2012 03:32 PM, J. Bruce Fields wrote:
> On Wed, Feb 29, 2012 at 03:26:33PM +0100, steve wrote:
>> On 02/29/2012 03:09 PM, J. Bruce Fields wrote:
>>> On Wed, Feb 29, 2012 at 03:04:28PM +0100, steve wrote:
>>>> On 29/02/12 13:44, J. Bruce Fields wrote:
>>>>> On Wed, Feb 29, 2012 at 12:22:30AM +0100, steve wrote:
>>>>>> We are authenticating against Samba4, so our domain user accounts
>>>>>> are under Kerberos.
>>>>> Kerberos works fine with v3.
>>>>>
>>>>> --b.
>>>> Hi
>>>> Unfortunately, it doesn't seem to. We just tried it, and anyone
>>>> (with or without a ticket) gets access:-(
>>> Could you give any more detail about your test?
>>>
>>> --b.
>> steve is a /etc/passwd user
>>
>> steve@hh3:~$ sudo su
>> [sudo] password for steve:
>> root@hh3:/home/steve# mount -t nfs4 hh3:/home /mnt -o sec=krb5
>> root@hh3:/home/steve# exit
>> exit
>> steve@hh3:~$ cd /mnt
>> bash: cd: /mnt: Permission denied
>> steve@hh3:~$ sudo su
>> root@hh3:/home/steve# umount /mnt
>> root@hh3:/home/steve# mount -t nfs hh3:/home /mnt -o sec=krb5
>> root@hh3:/home/steve# exit
>> exit
>> steve@hh3:~$ cd /mnt
>> steve@hh3:/mnt$
> Why is that a problem? You haven't actually accessed anything on the
> filesystem.
>
> --b.

Steve can access the mounted folder. I can live with that but the acl
still isn't working:

lynn2 has authenticated by Kerberos
root@hh3:~# setfacl -d -m g::rw /home/CACTUS/dropbox
root@hh3:~# mount -t nfs hh3:/home /mnt -o sec=krb5
lynn2@hh3:/mnt/CACTUS$ ls -la
total 28
drwxr-xr-x 6 root root 4096 2012-02-27 14:24 .
drwxr-xr-x 4 root root 4096 2012-02-18 18:52 ..
drwxrws--- 3 root debusers 4096 2012-02-29 15:31 dropbox
drwxr-xr-x 20 lynn2 debusers 4096 2012-02-26 16:43 lynn2
drwxrwxrwx 5 root root 4096 2012-02-29 14:19 profiles
drwxr-xr-x 4 steve2 Domain Users 4096 2012-02-29 14:36 steve2

lynn2 then creates a file in the mount called l3:
lynn2@hh3:/mnt/CACTUS$ ls -la /home/CACTUS/dropbox/
total 20
drwxrws---+ 3 root debusers 4096 2012-02-29 15:31 .
drwxr-xr-x 6 root root 4096 2012-02-27 14:24 ..
-rw-r----- 1 lynn2 debusers 0 2012-02-29 15:31 a
drwxrwS---+ 2 root debusers 4096 2012-02-29 14:28 adminfolder
-rw-rw---- 1 lynn2 debusers 0 2012-02-25 23:23 l2
-rw-r----- 1 lynn2 debusers 0 2012-02-29 15:24 l3
-rw-rw---- 1 lynn2 debusers 0 2012-02-26 16:20 lynn2-ubuntu.txt
-rw-rw---- 1 lynn2 debusers 11 2012-02-26 00:46 lynnnautilus.txt
??
Cheers,
Steve