Re: Mixing fBSD 4 and 5 - NFS ACL's

2004-10-11 Thread Matthew Seaman
On Mon, Oct 11, 2004 at 10:45:07AM +0100, Jamie Heckford wrote:

 I need to use the new ACL feature on one of our servers. However the
 data doesn't reside on the server that its being served from it is
 mounted via NFS.
 
 Im guessing I will need to install fBSD5 on the two servers I want to
 use ACL on, but will the other fBSD4 servers still be able to use NFS ok
 (they don't need to use ACL)??
 
 Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and
 also, how stable is / does ACL even work between to fBSD5 machines using
 NFS?


See
http://lists.freebsd.org/pipermail/freebsd-current/2004-October/039747.html
under the 'Desired Features for 5.3-RELEASE' section:

 |  | || Currently, MAC   |
 |  | || protections are  |
 |  | || enforced only on |
 |  | || locally originated   |
 |  | || file system  |
 |  | || operations (VOPs),   |
 |  | || and not on RPCs  |
 |  | || generated via the|
 |  | || NFS server.  |
 | MAC support for  | || Improvements in NFS  |
 | NFS Server   | Not done| Robert Watson  | server credential|
 |  | || handling are |
 |  | || required to correct  |
 |  | || this problem, as |
 |  | || well as the  |
 |  | || introduction of new  |
 |  | || entry points to  |
 |  | || properly label NFS   |
 |  | || credentials and  |
 |  | || perform enforcement  |
 |  | || properly.|


So the only possibility for ACL support over NFS is going to be a 5.x
release, but seeing as it hasn't been included yet, probably not
5.3-RELEASE.

One possible route around that would be to use GEOM Gate -- that's a
system rather like iSCSI or Linux's DRDB, where the server exports a
disk device, rather than a filesystem.  This is a standard part of 5.x
now, and will be in 5.3-RELEASE, but it's still very new, so test
carefully before putting it onto important servers.

See: 

   http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html

   
http://www.freebsd.org/cgi/man.cgi?query=ggatecapropos=0sektion=0manpath=FreeBSD+6.0-currentformat=html

   
http://www.freebsd.org/cgi/man.cgi?query=ggatedapropos=0sektion=0manpath=FreeBSD+6.0-currentformat=html

   
http://www.freebsd.org/cgi/man.cgi?query=ggatelapropos=0sektion=0manpath=FreeBSD+6.0-currentformat=html

A FreeBSD 4.x machine should quite happily use a 5.x machine as a NFS
server.  FreeBSD 4.x has no support for GEOM Gate though.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgpiV1fPzfD4M.pgp
Description: PGP signature


RE: Mixing fBSD 4 and 5 - NFS ACL's

2004-10-11 Thread Jamie Heckford
Thanks Matt, I'll have a look at GEOM gate but will most likely have to
wait for the NFS support.

If anyone needs any help testing the NFS Server work I'll be more than
happy.

Jamie 

-Original Message-
From: Matthew Seaman [mailto:[EMAIL PROTECTED] 
Sent: 11 October 2004 11:10
To: Jamie Heckford
Cc: [EMAIL PROTECTED]
Subject: Re: Mixing fBSD 4 and 5 - NFS ACL's

On Mon, Oct 11, 2004 at 10:45:07AM +0100, Jamie Heckford wrote:

 I need to use the new ACL feature on one of our servers. However 
 the data doesn't reside on the server that its being served from it is

 mounted via NFS.
 
 Im guessing I will need to install fBSD5 on the two servers I want to 
 use ACL on, but will the other fBSD4 servers still be able to use NFS 
 ok (they don't need to use ACL)??
 
 Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and

 also, how stable is / does ACL even work between to fBSD5 machines 
 using NFS?


See
http://lists.freebsd.org/pipermail/freebsd-current/2004-October/039747.h
tml
under the 'Desired Features for 5.3-RELEASE' section:

 |  | || Currently, MAC
|
 |  | || protections are
|
 |  | || enforced only on
|
 |  | || locally originated
|
 |  | || file system
|
 |  | || operations (VOPs),
|
 |  | || and not on RPCs
|
 |  | || generated via the
|
 |  | || NFS server.
|
 | MAC support for  | || Improvements in NFS
|
 | NFS Server   | Not done| Robert Watson  | server credential
|
 |  | || handling are
|
 |  | || required to correct
|
 |  | || this problem, as
|
 |  | || well as the
|
 |  | || introduction of new
|
 |  | || entry points to
|
 |  | || properly label NFS
|
 |  | || credentials and
|
 |  | || perform enforcement
|
 |  | || properly.
|


So the only possibility for ACL support over NFS is going to be a 5.x
release, but seeing as it hasn't been included yet, probably not
5.3-RELEASE.

One possible route around that would be to use GEOM Gate -- that's a
system rather like iSCSI or Linux's DRDB, where the server exports a
disk device, rather than a filesystem.  This is a standard part of 5.x
now, and will be in 5.3-RELEASE, but it's still very new, so test
carefully before putting it onto important servers.

See: 

 
http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html

 
http://www.freebsd.org/cgi/man.cgi?query=ggatecapropos=0sektion=0manp
ath=FreeBSD+6.0-currentformat=html

 
http://www.freebsd.org/cgi/man.cgi?query=ggatedapropos=0sektion=0manp
ath=FreeBSD+6.0-currentformat=html

 
http://www.freebsd.org/cgi/man.cgi?query=ggatelapropos=0sektion=0manp
ath=FreeBSD+6.0-currentformat=html

A FreeBSD 4.x machine should quite happily use a 5.x machine as a NFS
server.  FreeBSD 4.x has no support for GEOM Gate though.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]