• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4957
  • Last Modified:

Red Hat - ACL Operation not supported error

I have an ACL file that I created and I'm trying to apply it against a directory. Below is what I ran and my error. Please help with this issue.

# setfacl -R --set-file=/ACL/acl.file.example /apps/datasec
setfacl:  /apps/datasec: Operation not supported.
0
AIX25
Asked:
AIX25
  • 10
  • 10
1 Solution
 
woolmilkporcCommented:
Is the filesystem mounted with the "acl" option?

Is the acl package installed?
0
 
AIX25Author Commented:
yes, it is mounted with "acl" option and acl package is installed. I'm sorry but I left out a couple of important items.

Server is on NAS storage. So, we are using automounter to mount the FSs.

# mount |grep apps
xxxxx:/vol/xxxx_d_8/38783_apps_prd on /xxxxx/38783_apps_prd type nfs (rw,nosuid,nodev,vers=3,rsize=65536,wsize=65536,actimeo=0,hard,intr,acl,proto=tcp,timeo=600,retrans=2,sec=sys,sloppy,addr=xxx.xx.x.xx)
0
 
woolmilkporcCommented:
Should basically work.

Is your NAS from NetApp? I heard that NetApp only supports NFSv4 ACLs, but I can't confirm this because we don't have a NetApp.

Please consult the docs of your NAS system under this aspect.

The share is not accidentally exported with "no_acl", is it?
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
AIX25Author Commented:
Yes, it is from NetApp. No, it was not exported with "no_acl". The the mount in the auto.master did not have the "acl" option. So we added the "acl" option and remounted. Yes, please confirm. Also, if it ends up only supporting NFSv4 ACLs, can you help explain what I need to do to make it work? How do I implement NFSv4 ACLs?
0
 
woolmilkporcCommented:
First of all, you'll have to set up NFS version 4

Here is a nice tutorial:

http://www.cyberciti.biz/faq/centos-fedora-rhel-nfs-v4-configuration/

Next, you'll have to create NFSv4 ACLs, which look quite different from Posix ACLs.

Here is the manpage:
http://linux.die.net/man/5/nfs4_acl

As I said, I can't tell you whether NetApp supports only NFSv4 ACLs. I don't have such a machine, and I don't have the docs at hand.
0
 
AIX25Author Commented:
With NFSv4 ACLs, will I still be able to create ACL files (see below) and apply them in the same manner as regular ACLs?

# file: datasec
# owner: userA
# group: groupA
user::rwx
group:---
other::---
user:userB:rwx
user:userC:r--
0
 
woolmilkporcCommented:
If your NAS supports only NFSv4 ACLs you must create and apply this sort of ACLs.

The v4 ACL format is described here:
http://linux.die.net/man/5/nfs4_acl

What you posted in the last comment is a Posix ACL and such ACLs cannot be applied, according to what you wrote in the original question.

The command to apply v4 ACLs is nfs4_setfacl
http://linux.die.net/man/1/nfs4_setfacl

Don't you have the NetApp docs at hand? I found several docs on the net, but one is not allowed to read them without registration, as it seems.
But I found lots of messages stating that NetAPP indeed does not support Posix ACLs!
0
 
AIX25Author Commented:
Does NFSv3 support POSIX ACL?
0
 
woolmilkporcCommented:
Generally, yes. But not NetApp's NFS implementation, as it seems.
0
 
AIX25Author Commented:
Do I have to install anything to get nfsv4_setfacl and getfacl commands? Also, can I run it like this?

# nfsv4_setfacl -R --set-file=/ACL/acl.file.example /apps/datase
0
 
woolmilkporcCommented:
I think I told you multiple times that version 4 ACLs have a format very different to what you posted in 39279921 (that's Posix!)

You cannot run nfsv4_setfacl using an input file containing Posix ACLs.

Please check the links I posted in my previous comments.
They contain sufficient information about enabling NFSv4 and creating NFSv4 ACLs.
0
 
AIX25Author Commented:
We have converted our mounts to NFSv4.

Now I'm getting another error. When I run my command in "test mode", it works fine. But, when I run the command without "test mode", it gives me the error below. Any ideas? Please help.

# nfs4_setfacl -a A::username@:rwaDxtTnNcCy /apps/datasec --test
## Test mode only - the resulting ACL for "/volume/apps/datasec":
A::username@:rwaDxtTnNcCy
A::OWNER@:rwaDxtTnNcCy
D::OWNER@:
A:g:GROUP@:tc
D:g:GROUP@:rwaDxTCy
A::EVERYONE@:tc
D::EVERYONE@:rwaDxTCy

# nfs4_setfacl -a A::username@:rwaDxtTnNcCy /apps/datasec
Failed setxattr operations: Invalid argument
0
 
AIX25Author Commented:
I have made updates...please see my post above.
0
 
woolmilkporcCommented:
You should specify the NFSv4 domain:

nfs4_setfacl -a A::username@mynfsdomain:rwaDxtTnNcCy /apps/datasec
0
 
AIX25Author Commented:
"mynfsdomain"...is the the NFS server or client..or the server I'm logged on?
0
 
woolmilkporcCommented:
It's usually the hosts's fully qualified DNS domain name, if not set otherwise in /etc/idmapd.conf or with the "-d" option of rpc.idmapd.

If the NetApp and the clients are in different domains pick one to be the NFSv4 domain and set it on Linux (see above) and/or on NetApp (don't know how to do it there).
0
 
AIX25Author Commented:
I got the FQDN from nslookup and host commands. I ran the same command with username@FQDN and it still gives me the same error. I looked at the /etc/idmapd.conf file and looks to be default and not updated with any changes. I'm not exactly sure what is needed.
0
 
woolmilkporcCommented:
FQDN must not contain the host name itself, just the domain part.

Are NetApp and the client in the same DNS domain?
0
 
AIX25Author Commented:
Ok. Yes, they are. I have tried the command with now just @domainname. No luck.
0
 
woolmilkporcCommented:
Is "username" a user defined on the client machine?

If so, I'm running out of ideas....

You could try defining this user on the NetApp as well (same UID), but this should generally not be necessary.... who knows.

The biggest problem for me is that I don't have a NetApp and don't have access to the docs either.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 10
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now