On Tue, Nov 8, 2016 at 12:19 AM, Bill Maidment <[email protected]> wrote: > Hi again > My research has revealed that nfs in SL 7.2 is translating the POSIX ACL to > NFSv4 ACL (a completely different format). > vi appears to recognise NFSv4 ACL, but Nautilus, ls and probably other > programs, only seem to recognise POSIX ACL.
Ohh. *ouch*. NFSv4 permission management is.... well, it's ugly, for both NFS and for CIFS. > So I have the following alternatives: > 1. Stop nfs translating to NFSv4 ACL > 2. Change the guest mount to translate NFSv4 ACL back to POSIX ACL > 3. Change Nautilus, etc to recognise NFSv4 ACL > 4. Use Samba instead of nfs Samba is server software. The protocol you're referring to, whether the upstream is a Samba or Windows server, is CIFS, and the clients are generally in the somewhat independent toolkit cifs-utils, and CIFS would mean.... well, a lot of differences, including but not limited to a *very* chatty protocol with far inferior performance. > I'm not sure if 1. or 2. are possible and 3. may happen one day. Does anyone > know of a practical solution/workaround? > Cheers > Bill If feasible, I'd switch to resetting the default mount behavior to be NFSv3 based, not NFSv4. NFSv4 has a stack of potentially useful features, such as using Kerberos credentials instead of simply system uid for access control. In fact, I wonder if that's part of the issue? Do you have some Kerberized credentials in play here? > -----Original message----- >> From:Bill Maidment <[email protected]> >> Sent: Sunday 6th November 2016 19:56 >> To: Karel Lang AFD <[email protected]>; [email protected] >> Subject: RE: ACL Problem in SL7.2 >> >> Thanks for the response Karel. >> umask is the standard 0022 and this is a top level directory on the host >> machine. >> I am using SL 6.8 to access the directory via nfs share. >> It looks like there is no problem if the file is created with vi >> But if I use Nautilus then that's when I get the issue. >> So Nautilus on SL 6.8 seems to be the culprit (or is it caused by nfs?) >> Cheers >> Bill >> >> -----Original message----- >> > From:Karel Lang AFD <[email protected]> >> > Sent: Sunday 6th November 2016 16:16 >> > To: Bill Maidment <[email protected]>; [email protected] >> > Subject: Re: ACL Problem in SL7.2 >> > >> > Hi Bill >> > just pasted your work here to CLI and works OK on SL 6.7 and SL 7.2 here... >> > It has to be something else .. umask? or inherited from directory higher >> > up? >> > Maybe strace would help to see whats happening exactly? >> > >> > cheers >> > >> > On 11/06/2016 03:58 AM, Bill Maidment wrote: >> > > Hi >> > > I am trying to set up ACL on a directory such that any new file created >> > > in the directory has permissions of 0660. >> > > However, when I create a new file, the permissions are set as 0664 (see >> > > test.txt file below) >> > > Is this a bug or am I doing something wrong? >> > > >> > > These are the commands I used: >> > > >> > > chmod -R u+rwX,g+rwXs,o-rwx /pictures >> > > >> > > setfacl -d -m u::rwx,g::rwx,o::--- /pictures >> > > >> > > getfacl /pictures >> > > getfacl: Removing leading '/' from absolute path names >> > > # file: pictures >> > > # owner: nfs01 >> > > # group: nfs01 >> > > # flags: -s- >> > > user::rwx >> > > group::rwx >> > > other::--- >> > > default:user::rwx >> > > default:group::rwx >> > > default:other::--- >> > > >> > > ls -latrh /pictures >> > > total 4.0K >> > > dr-xr-xr-x. 22 root root 4.0K Nov 6 12:41 .. >> > > drwxrws---+ 2 nfs01 nfs01 21 Nov 6 13:10 Testing >> > > -rw-rw-r-- 1 nfs01 nfs01 0 Nov 6 13:44 test.txt >> > > drwxrws---+ 3 nfs01 nfs01 35 Nov 6 13:44 . >> > > >> > > Cheers >> > > Bill Maidment >> > > >> > >> > >> >>
