Re: [gpfsug-discuss] NFS4 ACLs and umask on GPFS

[Marc A Kaplan]

(IMO) NFSv4 ACLs are complicated.  Confusing.  Difficult.  Befuddling. 
PIA. Before questioning the GPFS implementation, see how they work in 
other file systems.
If GPFS does it differently, perhaps there is a rationale, or perhaps 
you've found a bug.


___
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss

Re: [gpfsug-discuss] NFS4 ACLs and umask on GPFS

[IBM Spectrum Scale]

Yes, that is the intended behavior.  As in the section on traditional ACLs
that you found, the intent is that if there is a default/inherited ACL, the
object is created with that (and if there is no default/inherited ACL, then
the mode and umask are the basis for the initial set of permissions).

Regards, The Spectrum Scale (GPFS) team

--

If you feel that your question can benefit other users of  Spectrum Scale
(GPFS), then please post it to the public IBM developerWroks Forum at
https://www.ibm.com/developerworks/community/forums/html/forum?id=----0479.


If your query concerns a potential software error in Spectrum Scale (GPFS)
and you have an IBM software maintenance contract please contact
1-800-237-5511 in the United States or your local IBM Service Center in
other countries.

The forum is informally monitored as time permits and should not be used
for priority messages to the Spectrum Scale (GPFS) team.



From:   "Dietrich, Stefan" 
To: gpfsug-discuss@spectrumscale.org
Date:   08/08/2017 12:17 PM
Subject:[gpfsug-discuss] NFS4 ACLs and umask on GPFS
Sent by:gpfsug-discuss-boun...@spectrumscale.org



Hello,

I am currently trying to understand an issue with ACLs and how GPFS handles
the umask.
The filesystem is configured for NFS4 ACLs only (-k nfs4), filesets have
been configured for chmodAndUpdateACL and the access is through a native
GPFS client (v4.2.3).

If I create a new file in a directory, which has an ACE with inheritance,
the configured umask on the shell is completely ignored.
The new file only contains ACEs from the inherited ACL.
As soon as the ACE with inheritance is removed, newly created files receive
the correct configured umask.
Obvious downside, no ACLs anymore :(

Additionally, it looks like that the specified mode bits for an open call
are ignored as well.
E.g. with an strace I see, that the open call includes the correct mode
bits. However, the new file only has inherited ACEs.

According to the NFSv4 RFC, the behavior is more or less undefined, only
with NFSv4.2 umask will be added to the protocol.
For GPFS, I found a section in the traditional ACL administration section,
but nothing in the NFS4 ACL section of the docs.

Is my current observation the intended behavior of GPFS?

Regards,
Stefan

--

Stefan DietrichDeutsches Elektronen-Synchrotron (IT-Systems)
Ein Forschungszentrum der Helmholtz-Gemeinschaft
Notkestr. 85
phone:  +49-40-8998-4696   22607 Hamburg
e-mail: stefan.dietr...@desy.de  Germany

___
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss



___
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss