Hi,
Kernel nfs reorders the ACE in ACL and i think it puts more restrictive
ACEs first in the list. But i see NFS Ganesha is not doing it,is reordering
the responsibility of FSAL ?
Is there any plans to support reordering ?
Thanks,
Sagar.
On Mon, Feb 19, 2018 at 11:43 AM, Sagar M D <sagar...@gmail.com> wrote:
> Sriram,
>
> Setting ATTR_ACL in supported_attrs helped. Now I could able to get the V4
> ACLs. Thanks!.
>
> Frank,
> Currently we are doing what you are suggesting i.e we are persistently
> saving the in-memory representation of ganesha NFSV4 ACL on disk.
> And I'm not sure whether we are ready to check in our fsal into ganesha
> yet. We will discuss this internally.
>
> Thanks!
>
> On Fri, Feb 16, 2018 at 9:21 PM, Sriram Patil <srir...@vmware.com> wrote:
>
>> Thank you for the correction, Frank.
>>
>>
>>
>> Sagar, there are a couple of more things that you have not mentioned yet,
>>
>>
>>
>> 1. Have you set ATTR_ACL in supported_attrs field of your FSALs
>> static fsinfo? (check usage of function nfs4_Fattr_Supported to know why
>> this is required)
>> 2. You may also want to take a look at ENABLE_RFC_ACL flag. This is
>> not for enabling ACLs but it is used for access checks in
>> fsal_check_access_acl.
>>
>>
>>
>> - Sriram
>>
>>
>>
>> *From: *Frank Filz <ffilz...@mindspring.com>
>> *Date: *Friday, February 16, 2018 at 8:19 PM
>> *To: *Sriram Patil <srir...@vmware.com>, 'Sagar M D' <sagar...@gmail.com>,
>> 'Supriti Singh' <supriti.si...@suse.com>
>> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" <
>> nfs-ganesha-devel@lists.sourceforge.net>
>> *Subject: *RE: [Nfs-ganesha-devel] ACL support
>>
>>
>>
>> It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but
>> that’s another detail.
>>
>>
>>
>> Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for
>> POSIX ACLs. At this point Ganesha has the following support for ACLs:
>>
>>
>>
>> FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server
>> side POSIX ACLs. In V2.7 we plan to move this support to the FSAL common
>> code so it is available to more FSALs (and we will hook it up for FSAL_VFS
>> at that point). Note that the conversion is not perfect due to NFS v4 ACLs
>> not actually being a superset of POSIX ACLs.
>>
>>
>>
>> FSAL_GPFS has native support for NFS v4 ACLs.
>>
>>
>>
>> At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL
>> API. If your file system can support NFS v4 ACLs natively, then all you
>> need to do is provide a mechanism to transfer between Ganesha’s in memory
>> representation of an NFS v4 ACL and your on-disk representation. If your
>> file system can only support POSIX ACLs, then you will need the translation
>> code from FSAL_GLUSTER (or write your own).
>>
>>
>>
>> I’d also like to add my usual plug, if you have an out of tree FSAL, we
>> encourage you to submit your FSAL into the tree. That allows us a better
>> understanding of how Ganesha is being used, and we are less likely to
>> change APIs in a way that breaks your FSAL (or we will change your FSAL
>> with the API change).
>>
>>
>>
>> Frank
>>
>>
>>
>> *From:* Sriram Patil [mailto:srir...@vmware.com]
>> *Sent:* Friday, February 16, 2018 2:51 AM
>> *To:* Sagar M D <sagar...@gmail.com>; Supriti Singh <
>> supriti.si...@suse.com>
>> *Cc:* nfs-ganesha-devel@lists.sourceforge.net
>> *Subject:* Re: [Nfs-ganesha-devel] ACL support
>>
>>
>>
>> Hi Sagar,
>>
>>
>>
>> I see in your conf file that you are using NFSv4. POSIX acls do not work
>> on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you
>> need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can
>> find these commands in nfs4-acl-tools package.
>>
>>
>>
>> - Sriram
>>
>>
>>
>> *From: *Sagar M D <sagar...@gmail.com>
>> *Date: *Friday, February 16, 2018 at 3:20 PM
>> *To: *Supriti Singh <supriti.si...@suse.com>
>> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" <
>> nfs-ganesha-devel@lists.sourceforge.net>
>> *Subject: *Re: [Nfs-ganesha-devel] ACL support
>>
>>
>>
>> I quickly checked on VFS FSAL using below EXPORT block. I see same issue
>> on vfs fsal also. Any suggestion here please ?
>>
>>
>>
>> *Operation to request attribute not supported. Failed to instantiate ACL.
>> *
>>
>> EXPORT
>> {
>> Export_Id = 77;
>>
>> # Exported path (mandatory)
>> Path = /home;
>>
>> # Pseudo Path (required for NFS v4)
>> Pseudo = /home;
>>
>> # Required for access (default is None)
>> # Could use CLIENT blocks instead
>> Access_Type = RW;
>> Disable_ACL = FALSE;
>> NFS_Protocols = 4;
>> Squash = no_root_squash;
>>
>> # Exporting FSAL
>> FSAL {
>> Name = VFS;
>> }
>> }
>>
>> Thanks,
>>
>> Sagar.
>>
>>
>>
>>
>>
>> On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D <sagar...@gmail.com> wrote:
>>
>> Supriti,
>>
>>
>>
>> We are testing our own FSAL.
>>
>> Thanks,
>>
>> Sagar.
>>
>>
>>
>>
>>
>> On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh <supriti.si...@suse.com>
>> wrote:
>>
>> Hi Sagar,
>>
>> Which FSAL are you using?
>>
>>
>>
>>
>>
>> ------
>>
>> Supriti Singh
>>
>> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
>>
>> HRB 21284 (AG Nürnberg)
>>
>>
>> >>> Sagar M D <sagar...@gmail.com> 02/16/18 9:15 AM >>>
>>
>> Hi,
>>
>> We are setting below value in our EXPORT block to enable ACL.
>> *Disable_ACL = FALSE;*
>>
>> However when try to do any ACL operation it throws get below error:-
>>
>> *Operation to request attribute not supported. Failed to instantiate ACL.*
>>
>> On further analysis, i found that getattr call on our fsal export's root
>> folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call
>> on pseudo export is returning "0" in aclsupport field.
>>
>>
>>
>>
>>
>> Is there anything else in fsal to be taken care to enable acls ?
>>
>>
>>
>> Thanks,
>>
>> Sagar.
>>
>>
>>
>>
>>
>>
>>
>>
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
