NFS ACL

There is a utility nfs4_getfacl and nfs4_Setfacl which retrieves acl from server nfsv4.0

Is there a similar client side utility for nfs v4.1
perlperlAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
None of changes from 4.0 to 4.1 has to do with ACLs. Use same tools
0
perlperlAuthor Commented:
Thanks gheist,

How can the same tool nfs4_Setfacl can set acl for NFSv4.1 also. NFSv4.1 acl sends an additional field call flag that applies to all the aces.

In NFS4.0, acls are sent as attribute 12,   FATTR4_ACL

 struct  fattr4_acl {
	u_int32 ace_length;
	nfsace4 *aces;
};

In NFSv4.1, aces can be send as attribute 58, FATTR4_DACL

struct fattr4_acl {
	uint32_t acl_flag;
        struct  fattr4_acl {
	   u_int32 ace_length;
	   nfsace4 *aces;
        };
};

Open in new window


In NFSv4.1, there is additional ace in the flag ACE4_INHERITED_ACE. How can this be reported in nfs4_getfacl tool?

The possible flags as explained in http://linux.die.net/man/5/nfs4_acl are the ones in NFSv4.0 only


also how can nfs4_setfacl send the flag (to indicate server that do not inherit from parent)
   const ACL4_PROTECTED            = 0x00000002;
 
[ In windows, cifs client can send this flag while setting the aces, indicating not to inherit from parent. ]
0
gheistCommented:
Attributes 58 and 12 have different semantics. Maybe they are numbered differently because they are DIFFERENT ?
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

perlperlAuthor Commented:
I mounted a file system with nfs4.1 and ran nfs4_getfacl, it was requesting FATTR_ACL and not FATTR_DACL.

Even if it request FATTR4_DACL, how can the tool nfs4_getfacl display the additional flag associated with the entire acl ??
0
gheistCommented:
It is for compatibility. old versions of clients gets attributes it can handle. If you read RFC it says how v4.nothing should be handled by 4.1 clients/servers....

Say sleepycat/berkeley db4 changes semantics of same values in different versions as they need not to maintain compatibility over network with other systems
0
perlperlAuthor Commented:
You mean to say the Linux client on which I am running cannot handle new FATTR4_DACL and that is why it is requesting FATTR4_ACL??

So i have to upgrade my client so that nfs4_getfacl can send FATTR4_DACL ?
0
perlperlAuthor Commented:
Consider a simple case where I write my own NFS4.1 server and client is requesting nfs4_getfacl, if the server returns the additional flag value (used by auto inheritance), how nfs4_getfacl display that flag?

Currently nfs4_getfacl is only displaying 1 aces per line

Is there any client side tool that does auto inheritance so that I can test my server
0
perlperlAuthor Commented:
The RFC for 4.1 says

A client application such as an ACL editor may then propagate changes
   to inheritable ACEs on a directory by recursively traversing that
   directory's descendants and modifying each ACL encountered to remove
   any ACEs with the ACE4_INHERITED_ACE flag and to replace them by the
   new inheritable ACEs (also with the ACE4_INHERITED_ACE flag set).  It
   uses the existing ACE inheritance flags in the obvious way to decide


nfs4_setfacl is not doing auto inheritance even though my server supports it.
0
gheistCommented:
Linux does not support nfs4 fully even less 4.1
Try solaris or freebsd for proper nfs client.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
perlperlAuthor Commented:
Is there a tool similar to nfs4_getfacl / setfacl available in solaris??

Also
mount -F nfs -o vers=4.1   on solaris (kernel 5.11)

says
nfs mount: invalid option: "vers=4.1"
0
gheistCommented:
nfs4.1 is a set of OPTIONAL extensions for nfs v4.
why don you use chacl but some nfs3.8_acl ?
0
perlperlAuthor Commented:
Not sure what you mean by nfs3.8_acl  

I want to test nfs4.1 acl on my server so I am looking for some client tool that can try setting acl and it invokes auto inheritance
0
perlperlAuthor Commented:
My guess is there is no solaris or linux client that can test NFSv4.1 acl to test auto inheritance feature ??
0
gheistCommented:
Only windows implements it fully and panasas SAN.... No luck there...
0
perlperlAuthor Commented:
wonder Why is this feature even available in nfs 4.1 if there are no client that uses it ;)
0
gheistCommented:
Because it cannot beat AFS ?
It kind of models AFS, but still suffers from single management entrance...
0
perlperlAuthor Commented:
The reason I am accepting this is because because currently Linux is not supporting it
0
gheistCommented:
Actually no reasonable software combination can benefit from it....
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.