(seems my earlier reply created a new topic; hence trying to reply back
original thread started by Ilan Schwarts...)

>> # mount -t nfs 10.10.158.61:/fs_gpfs01/nfs /mnt/nfs4
>> [root at CentOS7286-64 nfs4]# nfs4_getfacl mydir11
>> Operation to request attribute not supported.
>> [root at CentOS7286-64 nfs4]#

On my test setup (rhel7.3 nodes gpfs cluster and rhel7.2 nfs client); I can
successfully read nfsv4 acls (nfs4_getfacl).

Can you please try following on your setup?

1> capture network packets for above failure and check what does nfs server
return to GETATTR ?
=> tcpdump -i any host 10.10.158.61 -w /tmp/getfacl.cap &; nfs4_getfacl
mydir11; kill %1

2> Also check nfs4_getfacl version is up to date.
=> /usr/bin/nfs4_getfacl -H

3> If above doesn't help; then make sure you have sufficient nfsv4 acls to
read acls
(as per my understanding; for reading nfsv4 acls; one needs EXEC_SEARCH
on /fs_gpfs01/nfs and READ_ACL on /fs_gpfs01/nfs/mydir11).
=> mmgetacl -k nfs4 /fs_gpfs01/nfs
=> mmgetacl -k nfs4 /fs_gpfs01/nfs/mydir11

Thanks,
Chetan.



From:   gpfsug-discuss-requ...@spectrumscale.org
To:     gpfsug-discuss@spectrumscale.org
Date:   08/08/2017 04:30 PM
Subject:        gpfsug-discuss Digest, Vol 67, Issue 21
Sent by:        gpfsug-discuss-boun...@spectrumscale.org



Send gpfsug-discuss mailing list submissions to
                 gpfsug-discuss@spectrumscale.org

To subscribe or unsubscribe via the World Wide Web, visit
                 http://gpfsug.org/mailman/listinfo/gpfsug-discuss
or, via email, send a message with subject or body 'help' to
                 gpfsug-discuss-requ...@spectrumscale.org

You can reach the person managing the list at
                 gpfsug-discuss-ow...@spectrumscale.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of gpfsug-discuss digest..."


Today's Topics:

   1. Re: How to use nfs4_getfacl (or set) on GPFS               cluster
      (Ilan Schwarts)
   2. How to use nfs4_getfacl (or set) on GPFS cluster
      (Chetan R Kulkarni)


----------------------------------------------------------------------

Message: 1
Date: Tue, 8 Aug 2017 07:28:20 +0300
From: Ilan Schwarts <ila...@gmail.com>
To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org>
Subject: Re: [gpfsug-discuss] How to use nfs4_getfacl (or set) on GPFS
                 cluster
Message-ID:
                 <CAJUuSvGwzKdL3NjsxEN+s-BDxXvBsmFQbDOZ=KakmU4KB
+a...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi,
The command should work from server side i know.. but isnt the scenario of:
Root user, that is mounted via nfsv4 to a gpfs filesystem, cannot edit any
of the mounted files/dirs acls?
The acls are editable only from server side?
Thanks!
On Aug 8, 2017 00:10, "James Davis" <jamieda...@us.ibm.com> wrote:

> Hi Ilan,
>
> 1. Your command might work from the server side; you said you tried it
> from the client side. Could you find anything in the docs about this? I
> could not.
>
> 2. I can share this NFSv4-themed wrapper around mmputacl if it would be
> useful to you. You would have to run it from the GPFS side, not the NFS
> client side.
>
> Regards,
>
> Jamie
>
> # ./updateNFSv4ACL -h
> Update the NFSv4 ACL governing a file's access permissions.
>   Appends to the existing ACL, overwriting conflicting permissions.
> Usage: ./updateNFSv4ACL -file /path/to/file { ADD_PERM_SPEC |
> DEL_PERM_SPEC }+
>   ADD_PERM_SPEC: { -owningUser PERM | -owningGroup PERM | -other PERM |
> -ace nameType:name:PERM:aceType }
>   DEL_PERM_SPEC: { -noACEFor nameType:name }
>   PERM: Specify a string composed of one or more of the following letters
> in no particular order:
>     r (ead)
>     w (rite)
>     a (ppend)          Must agree with write
>     x (execute)
>     d (elete)
>     D (elete child)    Dirs only
>     t (read attrs)
>     T (write attrs)
>     c (read ACL)
>     C (write ACL)
>     o (change owner)
>   You can also provide these, but they will have no effect in GPFS:
>     n (read named attrs)
>     N (write named attrs)
>     y (support synchronous I/O)
>
>   To indicate no permissions, give a -
>   nameType: 'user' or 'group'.
>   aceType:  'allow' or 'deny'.
> Examples: ./updateNFSv4ACL -file /fs1/f -owningUser rtc -owningGroup
> rwaxdtc -other '-'
>             Assign these permissions to 'owner', 'group', 'other'.
>           ./updateNFSv4ACL -file /fs1/f -ace 'user:pfs001:rtc:allow'
> -noACEFor 'group:fvt001'
>             Allow user pfs001 read/read attrs/read ACL permission
>             Remove all ACEs (allow and deny) for group fvt001.
> Notes:
>   Permissions you do not allow are denied by default.
>   See the GPFS docs for some other restrictions.
>   ace is short for Access Control Entry
>
>
> ----- Original message -----
> From: Ilan Schwarts <ila...@gmail.com>
> Sent by: gpfsug-discuss-boun...@spectrumscale.org
> To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org>
> Cc:
> Subject: [gpfsug-discuss] How to use nfs4_getfacl (or set) on GPFS
cluster
> Date: Mon, Aug 7, 2017 9:27 AM
>
> Hi all,
> My setup is 2 nodes GPFS and 1 machine as NFS Client.
> All machines (3 total) run CentOS 7.2
>
> The 3rd CentOS machine (not part of the cluster) used as NFS Client.
>
> I mount the NFS Client machine to one of the nodes: mount -t nfs
> 10.10.158.61:/fs_gpfs01/nfs /mnt/nfs4
>
> This gives me the following:
>
> [root@CentOS7286-64 ~]# mount -v | grep gpfs
> 10.10.158.61:/fs_gpfs01/nfs on /mnt/nfs4 type nfs4
> (rw,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=
> 255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,
> clientaddr=10.10.149.188,local_lock=none,addr=10.10.158.61)
>
> Now, From the Client NFS Machine, I go to the mount directory ("cd
> /mnt/nfs4") and try to set an acl. Since NFSv4 should be supported, I
> use nfs4_getfacl:
> [root@CentOS7286-64 nfs4]# nfs4_getfacl mydir11
> Operation to request attribute not supported.
> [root@CentOS7286-64 nfs4]#
>
> From the NODE machine i see the status:
> [root@LH20-GPFS1 fs_gpfs01]# mmlsfs fs_gpfs01
> flag                value                    description
> ------------------- ------------------------
------------------------------
> -----
>  -f                 8192                     Minimum fragment size in
bytes
>  -i                 4096                     Inode size in bytes
>  -I                 16384                    Indirect block size in bytes
>  -m                 1                        Default number of metadata
> replicas
>  -M                 2                        Maximum number of metadata
> replicas
>  -r                 1                        Default number of data
> replicas
>  -R                 2                        Maximum number of data
> replicas
>  -j                 cluster                  Block allocation type
>  -D                 nfs4                     File locking semantics in
> effect
>  -k                 nfs4                     ACL semantics in effect
>  -n                 32                       Estimated number of nodes
> that will mount file system
>  -B                 262144                   Block size
>  -Q                 none                     Quotas accounting enabled
>                     none                     Quotas enforced
>                     none                     Default quotas enabled
>  --perfileset-quota No                       Per-fileset quota
enforcement
>  --filesetdf        No                       Fileset df enabled?
>  -V                 16.00 (4.2.2.0)          File system version
>  --create-time      Wed Jul  5 12:28:39 2017 File system creation time
>  -z                 No                       Is DMAPI enabled?
>  -L                 4194304                  Logfile size
>  -E                 Yes                      Exact mtime mount option
>  -S                 No                       Suppress atime mount option
>  -K                 whenpossible             Strict replica allocation
> option
>  --fastea           Yes                      Fast external attributes
> enabled?
>  --encryption       No                       Encryption enabled?
>  --inode-limit      171840                   Maximum number of inodes
> in all inode spaces
>  --log-replicas     0                        Number of log replicas
>  --is4KAligned      Yes                      is4KAligned?
>  --rapid-repair     Yes                      rapidRepair enabled?
>  --write-cache-threshold 0                   HAWC Threshold (max 65536)
>  -P                 system                   Disk storage pools in file
> system
>  -d                 nynsd1;nynsd2            Disks in file system
>  -A                 yes                      Automatic mount option
>  -o                 none                     Additional mount options
>  -T                 /fs_gpfs01               Default mount point
>  --mount-priority   0                        Mount priority
>
>
>
> I saw this thread:
> https://serverfault.com/questions/655112/nfsv4-acls-on-gpfs/722200
>
> Is it still relevant ? Since 2014..
>
> Thanks !
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
>
>
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://gpfsug.org/pipermail/gpfsug-discuss/attachments/20170808/0e20196d/attachment-0001.html
>

------------------------------

Message: 2
Date: Tue, 8 Aug 2017 10:20:10 +0530
From: "Chetan R Kulkarni" <chetk...@in.ibm.com>
To: gpfsug-discuss@spectrumscale.org
Subject: [gpfsug-discuss] How to use nfs4_getfacl (or set) on GPFS
                 cluster
Message-ID:

<of349b0197.8d24f794-on65258176.0018158d-65258176.001a9...@notes.na.collabserv.com>


Content-Type: text/plain; charset="us-ascii"



>> # mount -t nfs 10.10.158.61:/fs_gpfs01/nfs /mnt/nfs4
>> [root at CentOS7286-64 nfs4]# nfs4_getfacl mydir11
>> Operation to request attribute not supported.
>> [root at CentOS7286-64 nfs4]#

On my test setup (rhel7.3 nodes gpfs cluster and rhel7.2 nfs client); I can
successfully read nfsv4 acls (nfs4_getfacl).

Can you please try following on your setup?

1> capture network packets for above failure and check what does nfs server
return to GETATTR ?
=> tcpdump -i any host 10.10.158.61 -w /tmp/getfacl.cap &; nfs4_getfacl
mydir11; kill %1

2> Also check nfs4_getfacl version is up to date.
=> /usr/bin/nfs4_getfacl -H

3> If above doesn't help; then make sure you have sufficient nfsv4 acls to
read acls
(as per my understanding; for reading nfsv4 acls; one needs EXEC_SEARCH
on /fs_gpfs01/nfs and READ_ACL on /fs_gpfs01/nfs/mydir11).
=> mmgetacl -k nfs4 /fs_gpfs01/nfs
=> mmgetacl -k nfs4 /fs_gpfs01/nfs/mydir11

Thanks,
Chetan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://gpfsug.org/pipermail/gpfsug-discuss/attachments/20170808/42fbe6c2/attachment-0001.html
>

------------------------------

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss


End of gpfsug-discuss Digest, Vol 67, Issue 21
**********************************************



_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss

Reply via email to