perlperl asked:

NFS ACL

There are utilities, nfs4_getfacl and nfs4_setfacl, which retrieve and set ACLs on an NFSv4.0 server.

Is there a similar client-side utility for NFSv4.1?
gheist:

None of the changes from 4.0 to 4.1 has to do with ACLs. Use the same tools.
perlperl (asker):

Thanks gheist,

How can the same tool nfs4_setfacl set ACLs for NFSv4.1 as well? NFSv4.1 ACLs send an additional field called flag that applies to all the ACEs.

In NFSv4.0, ACLs are sent as attribute 12, FATTR4_ACL:

struct fattr4_acl {
	u_int32 ace_length;	/* number of ACEs that follow */
	nfsace4 *aces;		/* the ACEs themselves */
};

In NFSv4.1, ACEs can be sent as attribute 58, FATTR4_DACL:

struct fattr4_dacl {
	uint32_t acl_flag;	/* flag applying to the whole ACL, e.g. ACL4_PROTECTED */
	struct fattr4_acl {
		u_int32 ace_length;
		nfsace4 *aces;
	} acl;			/* the ACE list, as in NFSv4.0 */
};

In NFSv4.1, there is an additional ACE flag, ACE4_INHERITED_ACE. How can this be reported by the nfs4_getfacl tool?

The possible flags as explained in http://linux.die.net/man/5/nfs4_acl are the ones in NFSv4.0 only.


Also, how can nfs4_setfacl send the flag (to indicate to the server not to inherit from the parent)?

   const ACL4_PROTECTED            = 0x00000002;

[In Windows, the CIFS client can send this flag while setting the ACEs, indicating not to inherit from the parent.]

Attributes 58 and 12 have different semantics. Maybe they are numbered differently because they are DIFFERENT?
I mounted a file system with NFSv4.1 and ran nfs4_getfacl; it was requesting FATTR4_ACL and not FATTR4_DACL.

Even if it requests FATTR4_DACL, how can the tool nfs4_getfacl display the additional flag associated with the entire ACL?

It is for compatibility. Old versions of clients get the attributes they can handle. If you read the RFC, it says how v4.nothing should be handled by 4.1 clients/servers....

Say Sleepycat/Berkeley DB4 changes the semantics of the same values in different versions, as they need not maintain compatibility over the network with other systems.

You mean to say the Linux client on which I am running cannot handle the new FATTR4_DACL, and that is why it is requesting FATTR4_ACL?

So I have to upgrade my client so that nfs4_getfacl can send FATTR4_DACL?

Consider a simple case where I write my own NFSv4.1 server and the client is running nfs4_getfacl. If the server returns the additional flag value (used by auto inheritance), how would nfs4_getfacl display that flag?

Currently nfs4_getfacl is only displaying one ACE per line.

Is there any client-side tool that does auto inheritance so that I can test my server?

The RFC for 4.1 says:

   A client application such as an ACL editor may then propagate changes
   to inheritable ACEs on a directory by recursively traversing that
   directory's descendants and modifying each ACL encountered to remove
   any ACEs with the ACE4_INHERITED_ACE flag and to replace them by the
   new inheritable ACEs (also with the ACE4_INHERITED_ACE flag set).  It
   uses the existing ACE inheritance flags in the obvious way to decide


nfs4_setfacl is not doing auto inheritance even though my server supports it.
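The propagation step quoted from the RFC above, as an added example in Python (not code from this thread or from the nfs4-acl-tools package): one round of an ACL editor recomputing a child's inherited ACEs from its parent's ACL while honouring ACL4_PROTECTED. Flag values are the ones defined in RFC 5661; Ace and Acl are stand-ins for nfsace4 and nfsacl41, and the ACLs below are constructed sample data.

```python
from collections import namedtuple

# Flag values from RFC 5661 (ACE flags: section 6.2.1.4.1; ACL flags: section 6.4.3.2)
ACE4_FILE_INHERIT_ACE = 0x00000001
ACE4_DIRECTORY_INHERIT_ACE = 0x00000002
ACE4_NO_PROPAGATE_INHERIT_ACE = 0x00000004
ACE4_INHERIT_ONLY_ACE = 0x00000008
ACE4_INHERITED_ACE = 0x00000080
INHERIT_FLAGS = 0x0000000F       # the four inheritance-control bits above
ACL4_AUTO_INHERIT = 0x00000001   # whole-ACL flags carried in nfsacl41.na41_flag
ACL4_PROTECTED = 0x00000002      # "do not inherit from parent"

Ace = namedtuple("Ace", "who flags")   # stand-in for nfsace4 (type and access mask omitted)
Acl = namedtuple("Acl", "flag aces")   # stand-in for nfsacl41: na41_flag, na41_aces<>

def inherited_aces(parent_aces, child_is_dir):
    """ACEs a child object receives from its parent directory's ACL (RFC 5661, 6.4.3.1)."""
    out = []
    for ace in parent_aces:
        f = ace.flags
        if not child_is_dir:
            if not f & ACE4_FILE_INHERIT_ACE: continue
            new = f & ~INHERIT_FLAGS              # files never pass ACEs further down
        elif f & ACE4_DIRECTORY_INHERIT_ACE:
            new = f & ~ACE4_INHERIT_ONLY_ACE      # becomes effective on the subdirectory
            if f & ACE4_NO_PROPAGATE_INHERIT_ACE: new &= ~INHERIT_FLAGS  # stops here
        elif f & ACE4_FILE_INHERIT_ACE and not f & ACE4_NO_PROPAGATE_INHERIT_ACE:
            new = f | ACE4_INHERIT_ONLY_ACE       # carried for files below, not effective here
        else:
            continue                              # not inheritable by this kind of object
        out.append(Ace(ace.who, new | ACE4_INHERITED_ACE))
    return out

def apply_inheritance(parent, child, child_is_dir):
    """One step of the RFC's editor loop: drop the child's ACE4_INHERITED_ACE entries and
    replace them from the parent, unless the child ACL is marked ACL4_PROTECTED."""
    if child.flag & ACL4_PROTECTED:
        return child
    explicit = [a for a in child.aces if not a.flags & ACE4_INHERITED_ACE]
    return Acl(child.flag | ACL4_AUTO_INHERIT, explicit + inherited_aces(parent.aces, child_is_dir))

# Constructed sample: an export's ACL, then a subdirectory (holding a stale inherited ACE),
# a file inside that subdirectory, and a protected directory, after propagation.
EXPORT = Acl(ACL4_AUTO_INHERIT, [
    Ace("OWNER@", 0),                                                  # not inheritable
    Ace("GROUP@", ACE4_FILE_INHERIT_ACE | ACE4_DIRECTORY_INHERIT_ACE),
    Ace("EVERYONE@", ACE4_FILE_INHERIT_ACE | ACE4_NO_PROPAGATE_INHERIT_ACE)])
SUBDIR = apply_inheritance(EXPORT, Acl(0, [Ace("stale@example", ACE4_INHERITED_ACE)]), True)
FILE_IN_SUBDIR = apply_inheritance(SUBDIR, Acl(0, []), False)
LOCKED = apply_inheritance(EXPORT, Acl(ACL4_PROTECTED, [Ace("bob@example", 0)]), True)
```

Running this shows the stale entry on the subdirectory replaced by GROUP@ with ACE4_INHERITED_ACE set, the file below it receiving GROUP@ with all inheritance bits cleared, and the protected directory left untouched.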
ASKER CERTIFIED SOLUTION
gheist

Is there a tool similar to nfs4_getfacl/nfs4_setfacl available on Solaris?

Also,
mount -F nfs -o vers=4.1   on Solaris (kernel 5.11)

says
nfs mount: invalid option: "vers=4.1"
NFSv4.1 is a set of OPTIONAL extensions for NFSv4.

Why don't you use chacl but some nfs3.8_acl?

Not sure what you mean by nfs3.8_acl.

I want to test NFSv4.1 ACLs on my server, so I am looking for some client tool that can try setting ACLs and invokes auto inheritance.

My guess is there is no Solaris or Linux client that can test NFSv4.1 ACLs, to test the auto inheritance feature?

Only Windows implements it fully, and Panasas SAN.... No luck there...

Wonder why this feature is even available in NFS 4.1 if there are no clients that use it ;)

Because it cannot beat AFS?

It kind of models AFS, but still suffers from a single management entrance...

The reason I am accepting this is because currently Linux is not supporting it.

Actually no reasonable software combination can benefit from it....