Re: [Nfs-ganesha-devel] ACL support
On Thu, Feb 22, 2018 at 06:18:52AM -0800, Frank Filz wrote: > Ah, that might be an issue. It’s hard to gets POSIX<->NFS V4 ACL > conversion as best as possible (again, impossible to make it perfect, > even for POSIX->NFS V4). Well, POSIX->NFSv4 should be very close to perfect. (Name mapping might be the most likely problem in practice.) > It would be good to fix all these conversion issues (without copying > code from the kernel – note the license differences…) The original ACL mapping code was all written while I was at UM/CITI by me and a couple students, contributed under a permissive BSD-like license, as you can see from the license header on fs/nfsd/nfs4acl.c. So you should verify the license and git history to be sure, but I doubt licensing would be an obstacle. git://linux-nfs.org/bfields/acl.git also has patches implementing the same mapping in libacl, written entirely while I was at citi. They were never upstreamed. I'd recommend taking the kernel code instead as it's gotten more bugfixes. https://tools.ietf.org/html/draft-ietf-nfsv4-acl-mapping-05 has the best documentation of the mapping. All that aside, I agree with Frank that this is all complicated and error-prone. But the richacl patches seem stuck. The only other alternative I can think of at this point is to go back to the ietf nfsv4 working group with a proposal to add POSIX-like ACLs to NFSv4.2. --b. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
Re: [Nfs-ganesha-devel] ACL support
Ah, that might be an issue. It’s hard to gets POSIX<->NFS V4 ACL conversion as best as possible (again, impossible to make it perfect, even for POSIX->NFS V4). It would be good to fix all these conversion issues (without copying code from the kernel – note the license differences…) Frank From: Sagar M D [mailto:sagar...@gmail.com] Sent: Wednesday, February 21, 2018 10:12 PM To: Sriram Patil Cc: Frank Filz ; Supriti Singh ; nfs-ganesha-devel@lists.sourceforge.net Subject: Re: [Nfs-ganesha-devel] ACL support Hi, Kernel nfs reorders the ACE in ACL and i think it puts more restrictive ACEs first in the list. But i see NFS Ganesha is not doing it,is reordering the responsibility of FSAL ? Is there any plans to support reordering ? Thanks, Sagar. On Mon, Feb 19, 2018 at 11:43 AM, Sagar M D mailto:sagar...@gmail.com> > wrote: Sriram, Setting ATTR_ACL in supported_attrs helped. Now I could able to get the V4 ACLs. Thanks!. Frank, Currently we are doing what you are suggesting i.e we are persistently saving the in-memory representation of ganesha NFSV4 ACL on disk. And I'm not sure whether we are ready to check in our fsal into ganesha yet. We will discuss this internally. Thanks! On Fri, Feb 16, 2018 at 9:21 PM, Sriram Patil mailto:srir...@vmware.com> > wrote: Thank you for the correction, Frank. Sagar, there are a couple of more things that you have not mentioned yet, 1. Have you set ATTR_ACL in supported_attrs field of your FSALs static fsinfo? (check usage of function nfs4_Fattr_Supported to know why this is required) 2. You may also want to take a look at ENABLE_RFC_ACL flag. This is not for enabling ACLs but it is used for access checks in fsal_check_access_acl. - Sriram From: Frank Filz mailto:ffilz...@mindspring.com> > Date: Friday, February 16, 2018 at 8:19 PM To: Sriram Patil mailto:srir...@vmware.com> >, 'Sagar M D' mailto:sagar...@gmail.com> >, 'Supriti Singh' Cc: "nfs-ganesha-devel@lists.sourceforge.net <mailto:nfs-ganesha-devel@lists.sourceforge.net> " mailto:nfs-ganesha-devel@lists.sourceforge.net> > Subject: RE: [Nfs-ganesha-devel] ACL support It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but that’s another detail. Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for POSIX ACLs. At this point Ganesha has the following support for ACLs: FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so it is available to more FSALs (and we will hook it up for FSAL_VFS at that point). Note that the conversion is not perfect due to NFS v4 ACLs not actually being a superset of POSIX ACLs. FSAL_GPFS has native support for NFS v4 ACLs. At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL API. If your file system can support NFS v4 ACLs natively, then all you need to do is provide a mechanism to transfer between Ganesha’s in memory representation of an NFS v4 ACL and your on-disk representation. If your file system can only support POSIX ACLs, then you will need the translation code from FSAL_GLUSTER (or write your own). I’d also like to add my usual plug, if you have an out of tree FSAL, we encourage you to submit your FSAL into the tree. That allows us a better understanding of how Ganesha is being used, and we are less likely to change APIs in a way that breaks your FSAL (or we will change your FSAL with the API change). Frank From: Sriram Patil [mailto:srir...@vmware.com <mailto:srir...@vmware.com> ] Sent: Friday, February 16, 2018 2:51 AM To: Sagar M D mailto:sagar...@gmail.com> >; Supriti Singh mailto:supriti.si...@suse.com> > Cc: nfs-ganesha-devel@lists.sourceforge.net <mailto:nfs-ganesha-devel@lists.sourceforge.net> Subject: Re: [Nfs-ganesha-devel] ACL support Hi Sagar, I see in your conf file that you are using NFSv4. POSIX acls do not work on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find these commands in nfs4-acl-tools package. - Sriram From: Sagar M D mailto:sagar...@gmail.com> > Date: Friday, February 16, 2018 at 3:20 PM To: Supriti Singh mailto:supriti.si...@suse.com> > Cc: "nfs-ganesha-devel@lists.sourceforge.net <mailto:nfs-ganesha-devel@lists.sourceforge.net> " Subject: Re: [Nfs-ganesha-devel] ACL support I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs fsal also. Any suggestion here please ? Operation to request attribute not supported. Failed to instantiate ACL. EXPORT { Export_Id = 77; # Exported path (mandatory) Path = /home; # Pseudo Path (required for NFS v4) Pseudo
Re: [Nfs-ganesha-devel] ACL support
Hi, Kernel nfs reorders the ACE in ACL and i think it puts more restrictive ACEs first in the list. But i see NFS Ganesha is not doing it,is reordering the responsibility of FSAL ? Is there any plans to support reordering ? Thanks, Sagar. On Mon, Feb 19, 2018 at 11:43 AM, Sagar M D wrote: > Sriram, > > Setting ATTR_ACL in supported_attrs helped. Now I could able to get the V4 > ACLs. Thanks!. > > Frank, > Currently we are doing what you are suggesting i.e we are persistently > saving the in-memory representation of ganesha NFSV4 ACL on disk. > And I'm not sure whether we are ready to check in our fsal into ganesha > yet. We will discuss this internally. > > Thanks! > > On Fri, Feb 16, 2018 at 9:21 PM, Sriram Patil wrote: > >> Thank you for the correction, Frank. >> >> >> >> Sagar, there are a couple of more things that you have not mentioned yet, >> >> >> >>1. Have you set ATTR_ACL in supported_attrs field of your FSALs >>static fsinfo? (check usage of function nfs4_Fattr_Supported to know why >>this is required) >>2. You may also want to take a look at ENABLE_RFC_ACL flag. This is >>not for enabling ACLs but it is used for access checks in >>fsal_check_access_acl. >> >> >> >> - Sriram >> >> >> >> *From: *Frank Filz >> *Date: *Friday, February 16, 2018 at 8:19 PM >> *To: *Sriram Patil , 'Sagar M D' , >> 'Supriti Singh' >> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" < >> nfs-ganesha-devel@lists.sourceforge.net> >> *Subject: *RE: [Nfs-ganesha-devel] ACL support >> >> >> >> It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but >> that’s another detail. >> >> >> >> Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for >> POSIX ACLs. At this point Ganesha has the following support for ACLs: >> >> >> >> FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server >> side POSIX ACLs. In V2.7 we plan to move this support to the FSAL common >> code so it is available to more FSALs (and we will hook it up for FSAL_VFS >> at that point). Note that the conversion is not perfect due to NFS v4 ACLs >> not actually being a superset of POSIX ACLs. >> >> >> >> FSAL_GPFS has native support for NFS v4 ACLs. >> >> >> >> At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL >> API. If your file system can support NFS v4 ACLs natively, then all you >> need to do is provide a mechanism to transfer between Ganesha’s in memory >> representation of an NFS v4 ACL and your on-disk representation. If your >> file system can only support POSIX ACLs, then you will need the translation >> code from FSAL_GLUSTER (or write your own). >> >> >> >> I’d also like to add my usual plug, if you have an out of tree FSAL, we >> encourage you to submit your FSAL into the tree. That allows us a better >> understanding of how Ganesha is being used, and we are less likely to >> change APIs in a way that breaks your FSAL (or we will change your FSAL >> with the API change). >> >> >> >> Frank >> >> >> >> *From:* Sriram Patil [mailto:srir...@vmware.com] >> *Sent:* Friday, February 16, 2018 2:51 AM >> *To:* Sagar M D ; Supriti Singh < >> supriti.si...@suse.com> >> *Cc:* nfs-ganesha-devel@lists.sourceforge.net >> *Subject:* Re: [Nfs-ganesha-devel] ACL support >> >> >> >> Hi Sagar, >> >> >> >> I see in your conf file that you are using NFSv4. POSIX acls do not work >> on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you >> need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can >> find these commands in nfs4-acl-tools package. >> >> >> >> - Sriram >> >> >> >> *From: *Sagar M D >> *Date: *Friday, February 16, 2018 at 3:20 PM >> *To: *Supriti Singh >> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" < >> nfs-ganesha-devel@lists.sourceforge.net> >> *Subject: *Re: [Nfs-ganesha-devel] ACL support >> >> >> >> I quickly checked on VFS FSAL using below EXPORT block. I see same issue >> on vfs fsal also. Any suggestion here please ? >> >> >> >> *Operation to request attribute not supported. Failed to instantiate ACL. >> * >> >> EXPORT >> { >> Export_Id = 77; >> >> # Exported path (mandatory) >>
Re: [Nfs-ganesha-devel] ACL support
Sriram, I was using nfsv4 acl commands only. [root@BDC sagar]# nfs4_getfacl 1.txt Operation to request attribute not supported. [root@BDC sagar]# nfs4_setfacl -a A::10:rxtncy 1.txt Operation to request attribute not supported. Failed to instantiate ACL. Thanks, Sagar. On Fri, Feb 16, 2018 at 4:20 PM, Sriram Patil wrote: > Hi Sagar, > > > > I see in your conf file that you are using NFSv4. POSIX acls do not work > on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you > need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can > find these commands in nfs4-acl-tools package. > > > > - Sriram > > > > *From: *Sagar M D > *Date: *Friday, February 16, 2018 at 3:20 PM > *To: *Supriti Singh > *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" sourceforge.net> > *Subject: *Re: [Nfs-ganesha-devel] ACL support > > > > I quickly checked on VFS FSAL using below EXPORT block. I see same issue > on vfs fsal also. Any suggestion here please ? > > > > *Operation to request attribute not supported. Failed to instantiate ACL. * > > EXPORT > { > Export_Id = 77; > > # Exported path (mandatory) > Path = /home; > > # Pseudo Path (required for NFS v4) > Pseudo = /home; > > # Required for access (default is None) > # Could use CLIENT blocks instead > Access_Type = RW; > Disable_ACL = FALSE; > NFS_Protocols = 4; > Squash = no_root_squash; > > # Exporting FSAL > FSAL { > Name = VFS; > } > } > > Thanks, > > Sagar. > > > > > > On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D wrote: > > Supriti, > > > > We are testing our own FSAL. > > Thanks, > > Sagar. > > > > > > On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh > wrote: > > Hi Sagar, > > Which FSAL are you using? > > > > > > -- > > Supriti Singh > > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, > > HRB 21284 (AG Nürnberg) > > > >>> Sagar M D 02/16/18 9:15 AM >>> > > Hi, > > We are setting below value in our EXPORT block to enable ACL. > *Disable_ACL = FALSE;* > > However when try to do any ACL operation it throws get below error:- > > *Operation to request attribute not supported. Failed to instantiate ACL.* > > On further analysis, i found that getattr call on our fsal export's root > folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call > on pseudo export is returning "0" in aclsupport field. > > > > > > Is there anything else in fsal to be taken care to enable acls ? > > > > Thanks, > > Sagar. > > > > > > > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
Re: [Nfs-ganesha-devel] ACL support
Thank you for the correction, Frank. Sagar, there are a couple of more things that you have not mentioned yet, 1. Have you set ATTR_ACL in supported_attrs field of your FSALs static fsinfo? (check usage of function nfs4_Fattr_Supported to know why this is required) 2. You may also want to take a look at ENABLE_RFC_ACL flag. This is not for enabling ACLs but it is used for access checks in fsal_check_access_acl. - Sriram From: Frank Filz Date: Friday, February 16, 2018 at 8:19 PM To: Sriram Patil , 'Sagar M D' , 'Supriti Singh' Cc: "nfs-ganesha-devel@lists.sourceforge.net" Subject: RE: [Nfs-ganesha-devel] ACL support It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but that’s another detail. Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for POSIX ACLs. At this point Ganesha has the following support for ACLs: FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so it is available to more FSALs (and we will hook it up for FSAL_VFS at that point). Note that the conversion is not perfect due to NFS v4 ACLs not actually being a superset of POSIX ACLs. FSAL_GPFS has native support for NFS v4 ACLs. At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL API. If your file system can support NFS v4 ACLs natively, then all you need to do is provide a mechanism to transfer between Ganesha’s in memory representation of an NFS v4 ACL and your on-disk representation. If your file system can only support POSIX ACLs, then you will need the translation code from FSAL_GLUSTER (or write your own). I’d also like to add my usual plug, if you have an out of tree FSAL, we encourage you to submit your FSAL into the tree. That allows us a better understanding of how Ganesha is being used, and we are less likely to change APIs in a way that breaks your FSAL (or we will change your FSAL with the API change). Frank From: Sriram Patil [mailto:srir...@vmware.com] Sent: Friday, February 16, 2018 2:51 AM To: Sagar M D ; Supriti Singh Cc: nfs-ganesha-devel@lists.sourceforge.net Subject: Re: [Nfs-ganesha-devel] ACL support Hi Sagar, I see in your conf file that you are using NFSv4. POSIX acls do not work on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find these commands in nfs4-acl-tools package. - Sriram From: Sagar M D mailto:sagar...@gmail.com>> Date: Friday, February 16, 2018 at 3:20 PM To: Supriti Singh mailto:supriti.si...@suse.com>> Cc: "nfs-ganesha-devel@lists.sourceforge.net<mailto:nfs-ganesha-devel@lists.sourceforge.net>" mailto:nfs-ganesha-devel@lists.sourceforge.net>> Subject: Re: [Nfs-ganesha-devel] ACL support I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs fsal also. Any suggestion here please ? Operation to request attribute not supported. Failed to instantiate ACL. EXPORT { Export_Id = 77; # Exported path (mandatory) Path = /home; # Pseudo Path (required for NFS v4) Pseudo = /home; # Required for access (default is None) # Could use CLIENT blocks instead Access_Type = RW; Disable_ACL = FALSE; NFS_Protocols = 4; Squash = no_root_squash; # Exporting FSAL FSAL { Name = VFS; } } Thanks, Sagar. On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D mailto:sagar...@gmail.com>> wrote: Supriti, We are testing our own FSAL. Thanks, Sagar. On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh mailto:supriti.si...@suse.com>> wrote: Hi Sagar, Which FSAL are you using? -- Supriti Singh SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) >>> Sagar M D mailto:sagar...@gmail.com>> 02/16/18 9:15 AM >>> >>> Hi, We are setting below value in our EXPORT block to enable ACL. Disable_ACL = FALSE; However when try to do any ACL operation it throws get below error:- Operation to request attribute not supported. Failed to instantiate ACL. On further analysis, i found that getattr call on our fsal export's root folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on pseudo export is returning "0" in aclsupport field. Is there anything else in fsal to be taken care to enable acls ? Thanks, Sagar. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
Re: [Nfs-ganesha-devel] ACL support
Sriram, Setting ATTR_ACL in supported_attrs helped. Now I could able to get the V4 ACLs. Thanks!. Frank, Currently we are doing what you are suggesting i.e we are persistently saving the in-memory representation of ganesha NFSV4 ACL on disk. And I'm not sure whether we are ready to check in our fsal into ganesha yet. We will discuss this internally. Thanks! On Fri, Feb 16, 2018 at 9:21 PM, Sriram Patil wrote: > Thank you for the correction, Frank. > > > > Sagar, there are a couple of more things that you have not mentioned yet, > > > >1. Have you set ATTR_ACL in supported_attrs field of your FSALs static >fsinfo? (check usage of function nfs4_Fattr_Supported to know why this is >required) >2. You may also want to take a look at ENABLE_RFC_ACL flag. This is >not for enabling ACLs but it is used for access checks in >fsal_check_access_acl. > > > > - Sriram > > > > *From: *Frank Filz > *Date: *Friday, February 16, 2018 at 8:19 PM > *To: *Sriram Patil , 'Sagar M D' , > 'Supriti Singh' > *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" sourceforge.net> > *Subject: *RE: [Nfs-ganesha-devel] ACL support > > > > It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but > that’s another detail. > > > > Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for > POSIX ACLs. At this point Ganesha has the following support for ACLs: > > > > FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side > POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so > it is available to more FSALs (and we will hook it up for FSAL_VFS at that > point). Note that the conversion is not perfect due to NFS v4 ACLs not > actually being a superset of POSIX ACLs. > > > > FSAL_GPFS has native support for NFS v4 ACLs. > > > > At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL > API. If your file system can support NFS v4 ACLs natively, then all you > need to do is provide a mechanism to transfer between Ganesha’s in memory > representation of an NFS v4 ACL and your on-disk representation. If your > file system can only support POSIX ACLs, then you will need the translation > code from FSAL_GLUSTER (or write your own). > > > > I’d also like to add my usual plug, if you have an out of tree FSAL, we > encourage you to submit your FSAL into the tree. That allows us a better > understanding of how Ganesha is being used, and we are less likely to > change APIs in a way that breaks your FSAL (or we will change your FSAL > with the API change). > > > > Frank > > > > *From:* Sriram Patil [mailto:srir...@vmware.com] > *Sent:* Friday, February 16, 2018 2:51 AM > *To:* Sagar M D ; Supriti Singh < > supriti.si...@suse.com> > *Cc:* nfs-ganesha-devel@lists.sourceforge.net > *Subject:* Re: [Nfs-ganesha-devel] ACL support > > > > Hi Sagar, > > > > I see in your conf file that you are using NFSv4. POSIX acls do not work > on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you > need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can > find these commands in nfs4-acl-tools package. > > > > - Sriram > > > > *From: *Sagar M D > *Date: *Friday, February 16, 2018 at 3:20 PM > *To: *Supriti Singh > *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" sourceforge.net> > *Subject: *Re: [Nfs-ganesha-devel] ACL support > > > > I quickly checked on VFS FSAL using below EXPORT block. I see same issue > on vfs fsal also. Any suggestion here please ? > > > > *Operation to request attribute not supported. Failed to instantiate ACL. * > > EXPORT > { > Export_Id = 77; > > # Exported path (mandatory) > Path = /home; > > # Pseudo Path (required for NFS v4) > Pseudo = /home; > > # Required for access (default is None) > # Could use CLIENT blocks instead > Access_Type = RW; > Disable_ACL = FALSE; > NFS_Protocols = 4; > Squash = no_root_squash; > > # Exporting FSAL > FSAL { > Name = VFS; > } > } > > Thanks, > > Sagar. > > > > > > On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D wrote: > > Supriti, > > > > We are testing our own FSAL. > > Thanks, > > Sagar. > > > > > > On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh > wrote: > > Hi Sagar, > > Which FSAL are you using? > > > > > > -- > > Supriti Singh > > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Nort
Re: [Nfs-ganesha-devel] ACL support
It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but that’s another detail. Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for POSIX ACLs. At this point Ganesha has the following support for ACLs: FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so it is available to more FSALs (and we will hook it up for FSAL_VFS at that point). Note that the conversion is not perfect due to NFS v4 ACLs not actually being a superset of POSIX ACLs. FSAL_GPFS has native support for NFS v4 ACLs. At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL API. If your file system can support NFS v4 ACLs natively, then all you need to do is provide a mechanism to transfer between Ganesha’s in memory representation of an NFS v4 ACL and your on-disk representation. If your file system can only support POSIX ACLs, then you will need the translation code from FSAL_GLUSTER (or write your own). I’d also like to add my usual plug, if you have an out of tree FSAL, we encourage you to submit your FSAL into the tree. That allows us a better understanding of how Ganesha is being used, and we are less likely to change APIs in a way that breaks your FSAL (or we will change your FSAL with the API change). Frank From: Sriram Patil [mailto:srir...@vmware.com] Sent: Friday, February 16, 2018 2:51 AM To: Sagar M D ; Supriti Singh Cc: nfs-ganesha-devel@lists.sourceforge.net Subject: Re: [Nfs-ganesha-devel] ACL support Hi Sagar, I see in your conf file that you are using NFSv4. POSIX acls do not work on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find these commands in nfs4-acl-tools package. - Sriram From: Sagar M D mailto:sagar...@gmail.com> > Date: Friday, February 16, 2018 at 3:20 PM To: Supriti Singh mailto:supriti.si...@suse.com> > Cc: "nfs-ganesha-devel@lists.sourceforge.net <mailto:nfs-ganesha-devel@lists.sourceforge.net> " mailto:nfs-ganesha-devel@lists.sourceforge.net> > Subject: Re: [Nfs-ganesha-devel] ACL support I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs fsal also. Any suggestion here please ? Operation to request attribute not supported. Failed to instantiate ACL. EXPORT { Export_Id = 77; # Exported path (mandatory) Path = /home; # Pseudo Path (required for NFS v4) Pseudo = /home; # Required for access (default is None) # Could use CLIENT blocks instead Access_Type = RW; Disable_ACL = FALSE; NFS_Protocols = 4; Squash = no_root_squash; # Exporting FSAL FSAL { Name = VFS; } } Thanks, Sagar. On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D mailto:sagar...@gmail.com> > wrote: Supriti, We are testing our own FSAL. Thanks, Sagar. On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh mailto:supriti.si...@suse.com> > wrote: Hi Sagar, Which FSAL are you using? -- Supriti Singh SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) >>> Sagar M D mailto:sagar...@gmail.com> > 02/16/18 9:15 >>> AM >>> Hi, We are setting below value in our EXPORT block to enable ACL. Disable_ACL = FALSE; However when try to do any ACL operation it throws get below error:- Operation to request attribute not supported. Failed to instantiate ACL. On further analysis, i found that getattr call on our fsal export's root folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on pseudo export is returning "0" in aclsupport field. Is there anything else in fsal to be taken care to enable acls ? Thanks, Sagar. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
Re: [Nfs-ganesha-devel] ACL support
Hi Sagar, I see in your conf file that you are using NFSv4. POSIX acls do not work on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find these commands in nfs4-acl-tools package. - Sriram From: Sagar M D Date: Friday, February 16, 2018 at 3:20 PM To: Supriti Singh Cc: "nfs-ganesha-devel@lists.sourceforge.net" Subject: Re: [Nfs-ganesha-devel] ACL support I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs fsal also. Any suggestion here please ? Operation to request attribute not supported. Failed to instantiate ACL. EXPORT { Export_Id = 77; # Exported path (mandatory) Path = /home; # Pseudo Path (required for NFS v4) Pseudo = /home; # Required for access (default is None) # Could use CLIENT blocks instead Access_Type = RW; Disable_ACL = FALSE; NFS_Protocols = 4; Squash = no_root_squash; # Exporting FSAL FSAL { Name = VFS; } } Thanks, Sagar. On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D mailto:sagar...@gmail.com>> wrote: Supriti, We are testing our own FSAL. Thanks, Sagar. On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh mailto:supriti.si...@suse.com>> wrote: Hi Sagar, Which FSAL are you using? -- Supriti Singh SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) >>> Sagar M D mailto:sagar...@gmail.com>> 02/16/18 9:15 AM >>> >>> Hi, We are setting below value in our EXPORT block to enable ACL. Disable_ACL = FALSE; However when try to do any ACL operation it throws get below error:- Operation to request attribute not supported. Failed to instantiate ACL. On further analysis, i found that getattr call on our fsal export's root folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on pseudo export is returning "0" in aclsupport field. Is there anything else in fsal to be taken care to enable acls ? Thanks, Sagar. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
Re: [Nfs-ganesha-devel] ACL support
I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs fsal also. Any suggestion here please ? *Operation to request attribute not supported.Failed to instantiate ACL.* EXPORT { Export_Id = 77; # Exported path (mandatory) Path = /home; # Pseudo Path (required for NFS v4) Pseudo = /home; # Required for access (default is None) # Could use CLIENT blocks instead Access_Type = RW; Disable_ACL = FALSE; NFS_Protocols = 4; Squash = no_root_squash; # Exporting FSAL FSAL { Name = VFS; } } Thanks, Sagar. On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D wrote: > Supriti, > > We are testing our own FSAL. > > Thanks, > Sagar. > > > On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh > wrote: > >> Hi Sagar, >> >> Which FSAL are you using? >> >> >> >> >> -- >> Supriti Singh >> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, >> HRB 21284 (AG Nürnberg) >> >> >>> Sagar M D 02/16/18 9:15 AM >>> >> Hi, >> >> We are setting below value in our EXPORT block to enable ACL. >> *Disable_ACL = FALSE;* >> >> However when try to do any ACL operation it throws get below error:- >> >> *Operation to request attribute not supported.Failed to instantiate ACL.* >> >> On further analysis, i found that getattr call on our fsal export's root >> folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call >> on pseudo export is returning "0" in aclsupport field. >> >> >> Is there anything else in fsal to be taken care to enable acls ? >> >> Thanks, >> Sagar. >> >> >> > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
Re: [Nfs-ganesha-devel] ACL support
Supriti, We are testing our own FSAL. Thanks, Sagar. On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh wrote: > Hi Sagar, > > Which FSAL are you using? > > > > > -- > Supriti Singh > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, > HRB 21284 (AG Nürnberg) > > >>> Sagar M D 02/16/18 9:15 AM >>> > Hi, > > We are setting below value in our EXPORT block to enable ACL. > *Disable_ACL = FALSE;* > > However when try to do any ACL operation it throws get below error:- > > *Operation to request attribute not supported.Failed to instantiate ACL.* > > On further analysis, i found that getattr call on our fsal export's root > folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call > on pseudo export is returning "0" in aclsupport field. > > > Is there anything else in fsal to be taken care to enable acls ? > > Thanks, > Sagar. > > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
Re: [Nfs-ganesha-devel] ACL support
Hi Sagar, Which FSAL are you using? -- Supriti Singh SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) >>> Sagar M D 02/16/18 9:15 AM >>> Hi, We are setting below value in our EXPORT block to enable ACL. Disable_ACL = FALSE; However when try to do any ACL operation it throws get below error:- Operation to request attribute not supported. Failed to instantiate ACL. On further analysis, i found that getattr call on our fsal export's root folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on pseudo export is returning "0" in aclsupport field. Is there anything else in fsal to be taken care to enable acls ? Thanks, Sagar. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
[Nfs-ganesha-devel] ACL support
Hi, We are setting below value in our EXPORT block to enable ACL. *Disable_ACL = FALSE;* However when try to do any ACL operation it throws get below error:- *Operation to request attribute not supported.Failed to instantiate ACL.* On further analysis, i found that getattr call on our fsal export's root folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on pseudo export is returning "0" in aclsupport field. Is there anything else in fsal to be taken care to enable acls ? Thanks, Sagar. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel