Unless you have CES and SMB in which case you have to set -k nfs4. Well technically you can set it, create a share and then set it back. But then you can't create more shares.
AFAIK SMB actually understands the POSIX ACL and represents it to Windows in some way (just don't try and change it from Windows). Simon ________________________________________ From: [email protected] [[email protected]] on behalf of [email protected] [[email protected]] Sent: 27 March 2019 16:07 To: gpfsug main discussion list Subject: Re: [gpfsug-discuss] Adding to an existing GPFS ACL I don’t have a solution, just similar experience with mmputacl vs setfacl. IMO, needing to dump and reapply full ACLs rather than just specifying what is to be added is one of a few reasons mmputacl is inferior to setfacl. We do all our extended ACL manipulation with setfacl from a gpfs native client and keep filesystem acl sematics set to -k all rather than -k nfs4. I’d see if you can use setfacl or nfs4_setfacl. This might not work for your use case. Best, Chris From: <[email protected]> on behalf of "Buterbaugh, Kevin L" <[email protected]> Reply-To: gpfsug main discussion list <[email protected]> Date: Wednesday, March 27, 2019 at 11:59 AM To: gpfsug main discussion list <[email protected]> Subject: [gpfsug-discuss] Adding to an existing GPFS ACL Hi All, First off, I have very limited experience with GPFS ACL’s, so please forgive me if I’m missing something obvious here. AFAIK, this is the first time we’ve hit something like this… We have a fileset where all the files / directories have GPFS NFSv4 ACL’s set on them. However, unlike most of our filesets where the same ACL is applied to every file / directory in the share, this one has different ACL’s on different files / directories. Now we have the need to add to the existing ACL’s … another group needs access. Unlike regular Unix / Linux ACL’s where setfacl can be used to just add to an ACL (i.e. setfacl -R g:group_name:rwx), I’m not seeing where GPFS has a similar command … i.e. mmputacl seems to expect the _entire_ new ACL to be supplied via either manual entry or an input file. That’s obviously problematic in this scenario. So am I missing something? Is there an easier solution than writing a script which recurses over the fileset, gets the existing ACL with mmgetacl and outputs that to a file, edits that file to add in the new group, and passes that as input to mmputacl? That seems very cumbersome and error prone, especially if I’m the one writing the script! Thanks… Kevin — Kevin Buterbaugh - Senior System Administrator Vanderbilt University - Advanced Computing Center for Research and Education [email protected]<mailto:[email protected]> - (615)875-9633 ________________________________ This message is for the recipient’s use only, and may contain confidential, privileged or protected information. Any unauthorized use or dissemination of this communication is prohibited. If you received this message in error, please immediately notify the sender and destroy all copies of this message. The recipient should check this email and any attachments for the presence of viruses, as we accept no liability for any damage caused by any virus transmitted by this email. _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
