Return-Path: linux-nfs-owner@vger.kernel.org Received: from fieldses.org ([174.143.236.118]:60790 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756032Ab2BWPmR (ORCPT ); Thu, 23 Feb 2012 10:42:17 -0500 Date: Thu, 23 Feb 2012 10:42:15 -0500 From: "J. Bruce Fields" To: steve Cc: Jeff Layton , linux-nfs@vger.kernel.org Subject: Re: POSIX acls over nfs4 Message-ID: <20120223154215.GA26706@fieldses.org> References: <4F40053A.3090301@steve-ss.com> <4F412E2F.9070200@steve-ss.com> <4F45E78E.8050501@steve-ss.com> <20120223063913.5736a5b1@tlielax.poochiereds.net> <4F4628B8.90401@steve-ss.com> <20120223144053.GA25010@fieldses.org> <4F465C3A.9080802@steve-ss.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <4F465C3A.9080802@steve-ss.com> Sender: linux-nfs-owner@vger.kernel.org List-ID: On Thu, Feb 23, 2012 at 04:33:14PM +0100, steve wrote: > On 02/23/2012 03:40 PM, J. Bruce Fields wrote: > >On Thu, Feb 23, 2012 at 12:53:28PM +0100, steve wrote: > >>Hi Jeff > >>Thanks for the reply. I'm trying to make the files created in a > >>share take on group rw. > >> > >>The trouble is that I've already tried setting the acl's via > >>nfs4_setfacl on the mounted share too (please see details below). > >>The acl + appears on the unmounted share and behaves as expected > >>even when it is not mounted. The mounted share however ignores the > >>acl I've set. I've tried remounting but still no acl is effective. > >>My workaround is to scan the folder and change the files to group rw > >>every few seconds. > >Without looking at your details, apologies: > > > >First, if you want an ace on a directory to be inherited by files and > >directories created under that directory, make sure you're setting the f > >and d flags (see nfs4_getfacl -H). > > > >Second, there's a umask problem: posix acl inheritance overrides the > >umask, but nfs4 acl inheritance isn't doing that. (The client combines > >the create mode and the umask and sets both together, there's no way for > >the server to even tell what the umask is.) > > > >(We should do something about this if we can: maybe modifying the client > >to scan the directory acl for any inheritable aces and leaving out the > >umask if they're found? It has the obvious race, but I seem to recall > >we live with that in the v3 case. Or maybe there's something more > >clever, but this comes up every now and then and I can't remember a > >better solution.) > > > >--b. > Hi again > I have this: > nfs4_getfacl /mnt/CACTUS/dropbox/ > > A::OWNER@:rwaDxtTcCy > A::GROUP@:rwaDxtcy > A::EVERYONE@:tcy > A:fdi:OWNER@:rwaDxtTcCy > A:fdi:GROUP@:rwaDtcy > A:fdi:EVERYONE@:tcy > > but files are created: > steve6@hh3:/mnt/CACTUS/dropbox> touch h3 > ls -la > total 8 > drwxrws--- 2 root suseusers 4096 Feb 19 11:21 . > drwxr-xr-x 9 root root 4096 Feb 19 11:11 .. > -rw-rw---- 1 steve6 suseusers 0 Feb 19 11:13 h > -rw-r----- 1 steve6 suseusers 0 Feb 19 11:21 h3 > > where h is a file created on the unmounted share and h3 on the nfs4 > mounted share. IOW the file created does not have group rw. > Ahhgghh!! Right, so see the second point above: what's your umask? (output of the "umask" command.) --b. > > Can anyone see anything wrong? > > Thanks so much for your patience. > Steve. >