2006-03-03 10:38:20

by Marco Gaiarin

Subject: ACL on NFS, how make it work?


Sorry for this mail, directly to (as the source said ;) the nfs3 and nfs4
kernel developers, but I'm completely stuck trying to make ACLs work
via NFS.

For a little nonprofit organization I've set up a little network, with a
server (Debian sarge, with samba3 and nfs), a Windows client (some
legacy app...) and two Ubuntu clients.

The Windows client and the Ubuntu clients share the same files, one via
samba (and ACL), the other via nfs.


I've tried all the options (there's only a ``noacl'' option, not an
``acl'' one...), I've verified with nfsstat that I was using nfs3, I've
done all I think is useful, with no luck.


Are there at least some kernel options, programs, mount switches ... with
which I can debug this?


Please, help me. ;)

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs


2006-03-03 16:35:44

by J. Bruce Fields

Subject: Re: ACL on NFS, how make it work?

On Fri, Mar 03, 2006 at 11:38:06AM +0100, Marco Gaiarin wrote:
>
> Sorry for this mail, directly to (as the source said ;) the nfs3 and nfs4
> kernel developers, but I'm completely stuck trying to make ACLs work
> via NFS.
...
> Are there at least some kernel options, programs, mount switches ... with
> which I can debug this?

What filesystems are you exporting, and how are they mounted? (You
could just post the output of
    mount
and
    exportfs -v
both run on the server.)

Which kernel are you using?

If you're logged in to the server, can you successfully get and set acls
on the filesystem that you're exporting?

--b.



2006-03-06 09:06:12

by Marco Gaiarin

Subject: Re: ACL on NFS, how make it work?

Hello! J. Bruce Fields
On that day it was said...

> What filesystems are you exporting, and how are they mounted? (You

Apart from /home (via autofs), I export /srv to clients. Both, as you can
see, are XFS ACL-enabled filesystems:

Mar 6 05:09:33 rita kernel: SGI XFS with ACLs, security attributes, no debug enabled
Mar 6 05:09:33 rita kernel: SGI XFS Quota Management subsystem

As requested:

rita:~# mount
/dev/sda1 on / type ext3 (rw,noatime,errors=remount-ro)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda2 on /usr type ext3 (ro)
/dev/md2 on /var type xfs (rw)
/dev/md5 on /home type xfs (rw,nosuid,nodev,usrquota)
/dev/md4 on /srv type xfs (rw,noexec,nosuid,nodev,grpquota)
none on /proc/bus/usb type usbfs (rw)
rita:~# exportfs -v
/home mario.ac.concordia-pordenone.it(rw,wdelay,root_squash)
/home giovanni.ac.concordia-pordenone.it(rw,wdelay,root_squash)
/srv mario.ac.concordia-pordenone.it(rw,wdelay,root_squash)
/srv giovanni.ac.concordia-pordenone.it(rw,wdelay,root_squash)


> Which kernel are you using?

The last...

rita:~# uname -a
Linux rita 2.6.15.4 #1 SMP Tue Feb 28 19:16:58 CET 2006 i686 GNU/Linux


> If you're logged in to the server, can you successfully get and set acls
> on the filesystem that you're exporting?

I usually set ACL only via windows, but...

rita:/srv/users/Da Riordinare/VARIE# getfacl ViewReport.pdf
# file: ViewReport.pdf
# owner: root
# group: root
user::rwx
group::---
group:presidenza:rwx
group:segreteria:rwx
mask::rwx
other::---
rita:/srv/users/Da Riordinare/VARIE# setfacl -m u:gaio:r ViewReport.pdf
rita:/srv/users/Da Riordinare/VARIE# getfacl ViewReport.pdf
# file: ViewReport.pdf
# owner: root
# group: root
user::rwx
user:gaio:r--
group::---
group:presidenza:rwx
group:segreteria:rwx
mask::rwx
other::---

yes, it works. ;)


Hope this helps. And many thanks.

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797



2006-03-06 09:41:28

by Andreas Gruenbacher

Subject: Re: ACL on NFS, how make it work?

Hello,

everything you reported so far looks fine. What do these give you on the
server and client?

grep CONFIG_NFS_V3_ACL /proc/config.gz
grep CONFIG_NFSD_V3_ACL /proc/config.gz

Can you set acls when mounting localhost:/srv locally on the server?

Andreas



2006-03-06 10:31:43

by Marco Gaiarin

Subject: Re: ACL on NFS, how make it work?

Hello! Andreas Gruenbacher
On that day it was said...

> everything you reported so far looks fine. What do these give you on the
> server and client?

I'm not using ``config on kernel'' options, but Debian copies the kernel
config file on boot, so on the server:

rita:~# grep V3_ACL /boot/config-2.6.15.4
# CONFIG_NFS_V3_ACL is not set
CONFIG_NFSD_V3_ACL=y

and on client:

root@giovanni:~# grep V3_ACL /boot/config-2.6.14
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V3_ACL=y


> Can you set acls when mounting localhost:/srv locally on the server?

As you can see, I have at least to rebuild the kernel, install it and reboot
the server to test this. ;(

But I've switched on a client, and did some tests here.

On server:

rita:/srv/users# setfacl -m g:segreteria:rwx Webmaster
rita:/srv/users# getfacl Webmaster
# file: Webmaster
# owner: gaio
# group: webmaster
user::rwx
group::r-x
group:segreteria:rwx
mask::rwx
other::r-x

on client, after the above:

gaio@giovanni:/srv/users$ getfacl Webmaster
# file: Webmaster
# owner: gaio
# group: webmaster
user::rwx
group::rwx
other::r-x
gaio@giovanni:/srv/users$ setfacl -m g:webmaster:rwx Webmaster
setfacl: Webmaster: Operation not supported


--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797



2006-03-06 15:23:50

by J. Bruce Fields

Subject: Re: ACL on NFS, how make it work?

On Mon, Mar 06, 2006 at 10:05:57AM +0100, Marco Gaiarin wrote:
> Apart from /home (via autofs), I export /srv to clients. Both, as you can
> see, are XFS ACL-enabled filesystems:

Actually I got one other NFS/XFS ACL complaint recently, and confirmed
that with current kernels I'm able to get and set ext3 ACL's over NFS,
and get and set XFS ACL's locally, but I can't use XFS ACL's over NFS.
Which is odd--on a first glance it looks like the two filesystems export
posix acl's through the same interface, etc. I haven't had the chance
to figure out what's going on yet....

--b.



2006-03-08 17:04:43

by Marco Gaiarin

Subject: Re: ACL on NFS, how make it work?

Hello! J. Bruce Fields
On that day it was said...

> Actually I got one other NFS/XFS ACL complaint recently, and confirmed
> that with current kernels I'm able to get and set ext3 ACL's over NFS,
> and get and set XFS ACL's locally, but I can't use XFS ACL's over NFS.
> Which is odd--on a first glance it looks like the two filesystems export
> posix acl's through the same interface, etc. I haven't had the chance
> to figure out what's going on yet....

If I can do something to debug that, tell me.

E.g., is it better to recompile the server kernel with *client* ACL NFSv3
support?

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797



2006-03-09 01:50:03

by J. Bruce Fields

Subject: Re: ACL on NFS, how make it work?

On Wed, Mar 08, 2006 at 06:04:25PM +0100, Marco Gaiarin wrote:
> Hello! J. Bruce Fields
> On that day it was said...
>
> > Actually I got one other NFS/XFS ACL complaint recently, and confirmed
> > that with current kernels I'm able to get and set ext3 ACL's over NFS,
> > and get and set XFS ACL's locally, but I can't use XFS ACL's over NFS.
> > Which is odd--on a first glance it looks like the two filesystems export
> > posix acl's through the same interface, etc. I haven't had the chance
> > to figure out what's going on yet....
>
> If I can do something to debug that, tell me.

Could you try the following patch? Fixes the problem for me.

--b.

nfsd4: fix acl xattr length return

We should be using the length from the second vfs_getxattr, in case it
changed. (Note: there's still a small race here; we could end up returning
-ENOMEM if the length increased between the first and second call. Oh
well; I'm not sure it's worth spending a lot of effort to fix that.)

Signed-off-by: J. Bruce Fields <[email protected]>
---

fs/nfsd/vfs.c | 6 +-----
1 files changed, 1 insertions(+), 5 deletions(-)

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 5320e5a..ac3a8e4 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -371,7 +371,6 @@ out_nfserr:
static ssize_t nfsd_getxattr(struct dentry *dentry, char *key, void **buf)
{
ssize_t buflen;
- int error;

buflen = vfs_getxattr(dentry, key, NULL, 0);
if (buflen <= 0)
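Review bot: The probe call `buflen = vfs_getxattr(dentry, key, NULL, 0);` carries no comment saying that its result is only a size estimate for the allocation and not the length handed back to the caller. A one-line comment at that call, stating that the returned length comes from the second vfs_getxattr, would keep a later cleanup from reintroducing `return buflen;`.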
@@ -381,10 +380,7 @@ static ssize_t nfsd_getxattr(struct dent
if (!*buf)
return -ENOMEM;

- error = vfs_getxattr(dentry, key, *buf, buflen);
- if (error < 0)
- return error;
- return buflen;
+ return vfs_getxattr(dentry, key, *buf, buflen);
}
#endif
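Review bot: On the new `return vfs_getxattr(dentry, key, *buf, buflen);` a negative result reaches the caller while `*buf` still points at the buffer that passed the `if (!*buf)` check just above, so every caller has to free `*buf` on the error path too. Either free it and clear `*buf` here before returning the error, or add a comment above `nfsd_getxattr` stating that the caller owns `*buf` whenever it is non-NULL, whatever the return value.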




2006-03-09 08:56:51

by Gopal Santhanam

Subject: Re: Re: ACL on NFS, how make it work?

It seems to work for me. Thanks!

Why does the return value of vfs_getxattr change between the two
calls though? Can you explain?

Thanks again,
Gopal


On Wednesday 08 March 2006 17:49, J. Bruce Fields wrote:
> On Wed, Mar 08, 2006 at 06:04:25PM +0100, Marco Gaiarin wrote:
> > Hello! J. Bruce Fields
> > On that day it was said...
> >
> > > Actually I got one other NFS/XFS ACL complaint recently,
> > > and confirmed that with current kernels I'm able to get
> > > and set ext3 ACL's over NFS, and get and set XFS ACL's
> > > locally, but I can't use XFS ACL's over NFS. Which is
> > > odd--on a first glance it looks like the two filesystems
> > > export posix acl's through the same interface, etc. I
> > > haven't had the chance to figure out what's going on
> > > yet....
> >
> > If I can do something to debug that, tell me.
>
> Could you try the following patch? Fixes the problem for me.
>
> --b.
>
> nfsd4: fix acl xattr length return
>
> We should be using the length from the second vfs_getxattr, in
> case it changed. (Note: there's still a small race here; we
> could end up returning -ENOMEM if the length increased between
> the first and second call. Oh well; I'm not sure it's worth
> spending a lot of effort to fix that.)
>
> Signed-off-by: J. Bruce Fields <[email protected]>
> ---
>
> fs/nfsd/vfs.c | 6 +-----
> 1 files changed, 1 insertions(+), 5 deletions(-)
>
> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
> index 5320e5a..ac3a8e4 100644
> --- a/fs/nfsd/vfs.c
> +++ b/fs/nfsd/vfs.c
> @@ -371,7 +371,6 @@ out_nfserr:
> static ssize_t nfsd_getxattr(struct dentry *dentry, char
> *key, void **buf) {
> ssize_t buflen;
> - int error;
>
> buflen = vfs_getxattr(dentry, key, NULL, 0);
> if (buflen <= 0)
> @@ -381,10 +380,7 @@ static ssize_t nfsd_getxattr(struct dent
> if (!*buf)
> return -ENOMEM;
>
> - error = vfs_getxattr(dentry, key, *buf, buflen);
> - if (error < 0)
> - return error;
> - return buflen;
> + return vfs_getxattr(dentry, key, *buf, buflen);
> }
> #endif
>
>
>



2006-03-09 11:20:21

by Andreas Gruenbacher

Subject: Re: ACL on NFS, how make it work?

Hello,

the patch looks good.

On Thursday 09 March 2006 02:49, J. Bruce Fields wrote:
> nfsd4: fix acl xattr length return
Actually all versions, not only v4.
>
> We should be using the length from the second vfs_getxattr, in case it
> changed. (Note: there's still a small race here; we could end up returning
> -ENOMEM if the length increased between the first and second call. Oh
> well; I'm not sure it's worth spending a lot of effort to fix that.)
>
> Signed-off-by: J. Bruce Fields <[email protected]>
Signed-off-by: Andreas Gruenbacher <[email protected]>
> ---
>
> fs/nfsd/vfs.c | 6 +-----
> 1 files changed, 1 insertions(+), 5 deletions(-)
>
> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
> index 5320e5a..ac3a8e4 100644
> --- a/fs/nfsd/vfs.c
> +++ b/fs/nfsd/vfs.c
> @@ -371,7 +371,6 @@ out_nfserr:
> static ssize_t nfsd_getxattr(struct dentry *dentry, char *key, void **buf)
> {
> ssize_t buflen;
> - int error;
>
> buflen = vfs_getxattr(dentry, key, NULL, 0);
> if (buflen <= 0)
> @@ -381,10 +380,7 @@ static ssize_t nfsd_getxattr(struct dent
> if (!*buf)
> return -ENOMEM;
>
> - error = vfs_getxattr(dentry, key, *buf, buflen);
> - if (error < 0)
> - return error;
> - return buflen;
> + return vfs_getxattr(dentry, key, *buf, buflen);
> }
> #endif
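Review bot: The race conceded in the commit message stays open at the final `return vfs_getxattr(dentry, key, *buf, buflen);`: if the attribute grows after the size probe, the caller simply gets the error from the second call. If that ever matters, a bounded retry (probe, allocate, read again) around the two calls would close it; otherwise a short comment at this return naming the race would save the next reader from rediscovering it.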

Thanks,
Andreas

--
Andreas Gruenbacher <[email protected]>
SUSE Labs, SUSE LINUX Products GmbH / Novell Inc.



2006-03-09 14:00:10

by J. Bruce Fields

Subject: Re: Re: ACL on NFS, how make it work?

On Thu, Mar 09, 2006 at 12:56:30AM -0800, Gopal Santhanam wrote:
> It seems to work for me. Thanks!
>
> Why does the return value of vfs_getxattr change between the two
> calls though? Can you explain?

Well, it *could* happen just by accident if someone was modifying the
acl simultaneously with our fetching it. Obviously that wasn't
happening in this case, though.

Looks to me like a bug in XFS. Though in practice, since the return
value is expected to be used just to guess at the correct buffer size,
returning a too-large size probably isn't a problem for most
applications.

--b.
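
The length mismatch discussed in this thread, as an added example that is not part of the original messages or of the kernel source. `fake_getxattr` is a constructed stand-in for `vfs_getxattr()` whose size probe can over-report; `read_probe_len`, `read_actual_len` and the retry bound of 3 are hypothetical, and the retry and free-on-failure go beyond what the patch itself does.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for vfs_getxattr(): a size-0 call only estimates the
 * size. slack = probe over-report; grow = bytes added right after a probe. */
struct fake_xattr { char value[64]; size_t len, slack, grow; };

static ssize_t fake_getxattr(struct fake_xattr *x, void *buf, size_t size)
{
    if (size == 0) {
        ssize_t est = (ssize_t)(x->len + x->slack);
        x->len += x->grow;           /* simulated concurrent writer, once */
        x->grow = 0;
        return est;
    }
    if (size < x->len)
        return -ERANGE;              /* buffer too small for current value */
    memcpy(buf, x->value, x->len);
    return (ssize_t)x->len;
}

/* Pre-patch shape: the probe estimate is returned as the data length. */
static ssize_t read_probe_len(struct fake_xattr *x, void **buf)
{
    ssize_t err, n = fake_getxattr(x, NULL, 0);

    if (n <= 0)
        return n;
    if (!(*buf = malloc((size_t)n)))
        return -ENOMEM;
    err = fake_getxattr(x, *buf, (size_t)n);
    return err < 0 ? err : n;
}

/* Patched shape plus a bounded retry for the race in the commit message;
 * when the read fails the buffer is freed and *buf is cleared. */
static ssize_t read_actual_len(struct fake_xattr *x, void **buf)
{
    for (int tries = 0; tries < 3; tries++) {
        ssize_t n = fake_getxattr(x, NULL, 0);

        if (n <= 0)
            return n;
        if (!(*buf = malloc((size_t)n)))
            return -ENOMEM;
        n = fake_getxattr(x, *buf, (size_t)n);
        if (n >= 0)
            return n;                /* length the second call copied */
        free(*buf);
        *buf = NULL;
        if (n != -ERANGE)
            return n;
    }
    return -ERANGE;
}
```

With a 10-byte value and a probe that over-reports by 6, the first function reports 16 bytes of data and the second reports 10; a caller that trusts the larger number parses 6 bytes the read never filled in.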

