There is a setting at the fileset level (mmcrfileset/mmchfilest), --allow-permission-change, that allows you to control how ACLs and permission bits interact, including having both on a file.
Fred Fred Stock, Spectrum Scale Development Advocacy [email protected]<mailto:[email protected]> | 720-430-8821 From: gpfsug-discuss <[email protected]> on behalf of Losen, Stephen C (scl) <[email protected]> Date: Thursday, September 29, 2022 at 3:16 PM To: gpfsug main discussion list <[email protected]> Subject: [EXTERNAL] [gpfsug-discuss] Changing filesystem from -k all to -k nfs4 with mmchfs Hi folks, Recently I asked what happens when you use “mmchfs -k nfs4” when you already have numerous files (we have millions) with posix ACLs. I have discovered the answer – NOTHING. No existing ACLs change. However, you cannot feed posix ACLs ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Hi folks, Recently I asked what happens when you use “mmchfs -k nfs4” when you already have numerous files (we have millions) with posix ACLs. I have discovered the answer – NOTHING. No existing ACLs change. However, you cannot feed posix ACLs to mmputacl, it only accepts nfs4 ACLs. You cannot run setfacl, it fails. If you run mmgetacl it shows the ACL in nfs4 format. But if you use mmgetacl -k native it shows you the “real” ACL, which may be a posix ACL. If you have a default posix ACL set on a directory, new files inherit from the posix ACL and they themselves end up with a posix ACL. The behavior of chmod is different. If a file has a nfs4 ACL then chmod destroys it and replaces it with a nfs4 ACL that essentially mimics the permissions set by the chmod command. In particular, the new ACL only has ACEs for special:owner@, special:group@, and special:everyone@. Any other ACEs are lost. However, if the file has a posix ACL, then chmod works as expected for a posix ACL. It does not completely replace the ACL, but it may change the mask:: entry or the user:: entry or the other:: entry. If you set a nfs4 ACL on a file with a posix ACL, then it converts to a nfs4 ACL (mmgetacl -k native outputs the nfs4 ACL). Needless to say this is all rather confusing, but we had to run mmchfs -k nfs4 in order to enable SMB access, which we need. Steve Losen Research Computing University of Virginia [email protected]<mailto:[email protected]> 434-924-0640
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
