Jonathan is mostly right, except that the option is not in mmlsconfig but part of the filesystem configuration (mmlsfs,mmchfs)
# mmlsfs objfs -k flag value description ------------------- ------------------------ ----------------------------------- -k nfs4 ACL semantics in effect Mit freundlichen Grüßen / Kind regards Mathias Dietz Spectrum Scale Development - Release Lead Architect (4.2.x) Spectrum Scale RAS Architect --------------------------------------------------------------------------- IBM Deutschland Am Weiher 24 65451 Kelsterbach Phone: +49 70342744105 Mobile: +49-15152801035 E-Mail: [email protected] ----------------------------------------------------------------------------- IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Martina Koederitz, Geschäftsführung: Dirk WittkoppSitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294 From: "Fosburgh,Jonathan" <[email protected]> To: "[email protected]" <[email protected]> Date: 15/05/2019 12:52 Subject: Re: [gpfsug-discuss] Enforce ACLs Sent by: [email protected] I'm not 100% sure this is that it is, but it is most likely your ACL config. If you have to use the nfsv4 ACLs, check in mmlsconfig to make sure you are only using nfsv4 ACLs. I think the options are posix, nfsv4, and both. I would guess you are set to both. -- Jonathan Fosburgh Principal Application Systems Analyst IT Operations Storage Team The University of Texas MD Anderson Cancer Center (713) 745-9346 From: [email protected] <[email protected]> on behalf of Rehs, Philipp Helo <[email protected]> Sent: Wednesday, May 15, 2019 3:48:19 AM To: [email protected] Subject: [EXT] [gpfsug-discuss] Enforce ACLs Hello, we are using GPFS 4.2.3 and at the moment we are looking into acls and inheritance. I have the following acls on a directory: #NFSv4 ACL #owner:root #group:root special:owner@:rwxc:allow:FileInherit:DirInherit (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (-)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED special:group@:r-x-:allow:FileInherit:DirInherit (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (-)DELETE (-)DELETE_CHILD (-)CHOWN (X)EXEC/SEARCH (- )WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED special:everyone@:----:allow:FileInherit:DirInherit (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (- )READ_ACL (-)READ_ATTR (-)READ_NAMED (-)DELETE (-)DELETE_CHILD (-)CHOWN (-)EXEC/SEARCH (- )WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED user:userABC:rwx-:allow:FileInherit:DirInherit (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (-)CHOWN (X)EXEC/SEARCH (- )WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED Then the user creates a new folder in this directory and it does not get the same acl but normal unix permissions. Is there any way to enforce the new permissions from the parent? Kind regards Philipp -- Heinrich-Heine-Universität Düsseldorf Zentrum für Informations- und Medientechnologie Kompetenzzentrum für wissenschaftliches Rechnen und Speichern Universitätsstraße 1 Gebäude 25.41 Raum 00.51 Telefon: +49-211-81-15557 Mail: [email protected] The information contained in this e-mail message may be privileged, confidential, and/or protected from disclosure. This e-mail message may contain protected health information (PHI); dissemination of PHI should comply with applicable federal and state laws. If you are not the intended recipient, or an authorized representative of the intended recipient, any further review, disclosure, use, dissemination, distribution, or copying of this message or any attachment (or the information contained therein) is strictly prohibited. If you think that you have received this e-mail message in error, please notify the sender by return e-mail and delete all references to it and its contents from your systems. _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=9dCEbNr27klWay2AcOfvOE1xq50K-CyRUu4qQx4HOlk&m=T_hndYqE7LOa07-SB6rtf9IPYJT3XiUhUHcCpwbwduM&s=1Xxw6UtKRGh1T4KLYgawTRpI_E_3jHdYnmAy_1rUSrg&e=
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
