On Mon, Oct 11, 2004 at 10:45:07AM +0100, Jamie Heckford wrote: > I need to use the new ACL feature on one of our servers..... However the > data doesn't reside on the server that its being served from it is > mounted via NFS. > > Im guessing I will need to install fBSD5 on the two servers I want to > use ACL on, but will the other fBSD4 servers still be able to use NFS ok > (they don't need to use ACL)?? > > Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and > also, how stable is / does ACL even work between to fBSD5 machines using > NFS?
See http://lists.freebsd.org/pipermail/freebsd-current/2004-October/039747.html under the 'Desired Features for 5.3-RELEASE' section: | | | | Currently, MAC | | | | | protections are | | | | | enforced only on | | | | | locally originated | | | | | file system | | | | | operations (VOPs), | | | | | and not on RPCs | | | | | generated via the | | | | | NFS server. | | MAC support for | | | Improvements in NFS | | NFS Server | Not done | Robert Watson | server credential | | | | | handling are | | | | | required to correct | | | | | this problem, as | | | | | well as the | | | | | introduction of new | | | | | entry points to | | | | | properly label NFS | | | | | credentials and | | | | | perform enforcement | | | | | properly. | So the only possibility for ACL support over NFS is going to be a 5.x release, but seeing as it hasn't been included yet, probably not 5.3-RELEASE. One possible route around that would be to use GEOM Gate -- that's a system rather like iSCSI or Linux's DRDB, where the server exports a disk device, rather than a filesystem. This is a standard part of 5.x now, and will be in 5.3-RELEASE, but it's still very new, so test carefully before putting it onto important servers. See: http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html http://www.freebsd.org/cgi/man.cgi?query=ggatec&apropos=0&sektion=0&manpath=FreeBSD+6.0-current&format=html http://www.freebsd.org/cgi/man.cgi?query=ggated&apropos=0&sektion=0&manpath=FreeBSD+6.0-current&format=html http://www.freebsd.org/cgi/man.cgi?query=ggatel&apropos=0&sektion=0&manpath=FreeBSD+6.0-current&format=html A FreeBSD 4.x machine should quite happily use a 5.x machine as a NFS server. FreeBSD 4.x has no support for GEOM Gate though. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
pgpiV1fPzfD4M.pgp
Description: PGP signature
