Hi,
I have a strange problem trying to use ACLs over NFS.
Our NFS server exports two directories /home and /rpm.
/rpm is exported ro, /home contains all the user homes
and is exported rw. Both are reiserfs.
The NFS server is running a 2.6.8 SuSE kernel (SuSE 9.2).
To activate ACLs, I stopped the nfs server, remounted
the local FS with acl and restarted the nfs server.
Then I set some acls on some files in /rpm and in /home.
Almost all clients (running the same kernel) could immediately
see the ACLs (i.e., the + sign in the ls output) on both
directories without remounting (so I guess the "defaults"
includes the acl option for NFS mounts already).
But on some hosts (especially some IBM xSeries) the ACLs
are visible in /rpm, but not in /home. Changing the lines
in fstab to "defaults,acl" didn't change that. The ACLs in
/home are not visible, even not after rebooting the host
several times (the "+" does not show up in ls, and getfacl
doesn't report any additional acls).
However, when I unmount /home and remount with "mount /home",
suddendly the ACLs are visible and can even be changed.
(just remounting with "-o remount" does not work).
But when rebooting the host, the ACLs are invisible again
until unmounting and remounting /home once again.
Any ideas what could go wrong here?
All the hosts are installed identically via autoyast (same
kernel, same software distribution, same mounts, users etc.)
cu,
Frank
--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
to den 30.06.2005 Klokka 13:47 (+0200) skreiv Frank Steiner:
> Any ideas what could go wrong here?
There is no client side NFS ACL support for NFSv2. Have you tried a
'cat /proc/mounts' to check that the partition is indeed mounted as
NFSv3 when reading the ACLs fails?
Cheers,
Trond
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Trond Myklebust wrote
> to den 30.06.2005 Klokka 13:47 (+0200) skreiv Frank Steiner:
>
>>Any ideas what could go wrong here?
>
> There is no client side NFS ACL support for NFSv2. Have you tried a
> 'cat /proc/mounts' to check that the partition is indeed mounted as
> NFSv3 when reading the ACLs fails?
Yes, it definitely is mounted with v3.
Here's sth. new I found out this morning: It looks like the _first_
NFS mount from the server does not get ACLs. I.e., when I switch the
order of the entries so that /rpm is mounted first, /home second, then
the ACLs are visible on /home but not on rpm.
I added a second NFS server with one export and activated ACLs there,
and it's still the same: Whichever of the three mounts comes first
does not have ACLs until it is unmounted and remounted. So if the
new NFS mount entry comes first on the client, both /rpm and /home
will have ACLs.
So this looks more like a client bug to me, because it is not always
the first mount from the same server that does not have ACL, but the
first overall NFS mount. Like the client was not able to initialize
ACLs for NFS before the first mount is done...
I will check a recent kernel on the client side.
cu,
Frank
--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
On Fri, Jul 01, 2005 at 07:52:08AM +0200, Frank Steiner wrote:
> Trond Myklebust wrote
>
> >to den 30.06.2005 Klokka 13:47 (+0200) skreiv Frank Steiner:
> >
> >>Any ideas what could go wrong here?
> >
> >There is no client side NFS ACL support for NFSv2. Have you tried a
> >'cat /proc/mounts' to check that the partition is indeed mounted as
> >NFSv3 when reading the ACLs fails?
>
> Yes, it definitely is mounted with v3.
>
> Here's sth. new I found out this morning: It looks like the _first_
> NFS mount from the server does not get ACLs. I.e., when I switch the
> order of the entries so that /rpm is mounted first, /home second, then
> the ACLs are visible on /home but not on rpm.
> I added a second NFS server with one export and activated ACLs there,
> and it's still the same: Whichever of the three mounts comes first
> does not have ACLs until it is unmounted and remounted. So if the
> new NFS mount entry comes first on the client, both /rpm and /home
> will have ACLs.
>
> So this looks more like a client bug to me, because it is not always
> the first mount from the same server that does not have ACL, but the
> first overall NFS mount. Like the client was not able to initialize
> ACLs for NFS before the first mount is done...
>
> I will check a recent kernel on the client side.
>
> cu,
> Frank
>
Just out of curiosity what kind of file system are the NFS servers export to
NFS? Is it a shared cluster fs, like vxfs, or ocfs, or the like, or is it just
plain old ext3?
Neil
> --
> Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
> Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
> LMU, Amalienstr. 17 Phone: +49 89 2180-4049
> 80333 Muenchen, Germany Fax: +49 89 2180-99-4049
> * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> NFS maillist - [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs
--
/***************************************************
*Neil Horman
*Software Engineer
*Red Hat, Inc.
*[email protected]
*gpg keyid: 1024D / 0x92A74FA1
*http://pgp.mit.edu
***************************************************/
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Neil Horman wrote
> Just out of curiosity what kind of file system are the NFS servers export to
> NFS? Is it a shared cluster fs, like vxfs, or ocfs, or the like, or is it just
> plain old ext3?
> Neil
Plain old reiserfs :-)
--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
fr den 01.07.2005 Klokka 07:52 (+0200) skreiv Frank Steiner:
> So this looks more like a client bug to me, because it is not always
> the first mount from the same server that does not have ACL, but the
> first overall NFS mount. Like the client was not able to initialize
> ACLs for NFS before the first mount is done...
I won't buy that argument until I see a tcpdump to prove it ;-)
Cheers,
Trond
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Frank Steiner wrote
> Here's sth. new I found out this morning: It looks like the _first_
> NFS mount from the server does not get ACLs. I.e., when I switch the
> order of the entries so that /rpm is mounted first, /home second, then
> the ACLs are visible on /home but not on rpm.
> I added a second NFS server with one export and activated ACLs there,
> and it's still the same: Whichever of the three mounts comes first
> does not have ACLs until it is unmounted and remounted. So if the
> new NFS mount entry comes first on the client, both /rpm and /home
> will have ACLs.
>
> So this looks more like a client bug to me, because it is not always
> the first mount from the same server that does not have ACL, but the
> first overall NFS mount. Like the client was not able to initialize
> ACLs for NFS before the first mount is done...
>
> I will check a recent kernel on the client side.
Seems to be a bug in <= 2.6.8 (maybe .9, .10). I checked the SuSE kernel
from SuSE 9.3 which is a 2.6.11 (I'm always using SuSE kernels due to some
patches in there that I need), and the problem goes away. Now also the
first mount from the 2.6.8-server has ACLs. So it really looks like a
client bug. Now I must hope that the SuSE team might fix this for the
older kernels :-)
Olaf/Andreas: If you want to take a look at this bug, let me know if
I can provide some logs/debugging info etc. With the server running
the 2.6.8 from 9.2, the bug occurs on the client side with 2.6.8
and the 2.6.5 from SLES9 up to SP2-RC, but not with 2.6.11.4-21.7
from 9.3.
cu,
Frank
--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Hello,
On Monday 04 July 2005 11:04, Frank Steiner wrote:
> Olaf/Andreas: If you want to take a look at this bug, let me know if
> I can provide some logs/debugging info etc. With the server running
> the 2.6.8 from 9.2, the bug occurs on the client side with 2.6.8
> and the 2.6.5 from SLES9 up to SP2-RC, but not with 2.6.11.4-21.7
> from 9.3.
I'll have a look, thanks.
Regards,
--
Andreas Gruenbacher <[email protected]>
SUSE Labs, SUSE LINUX PRODUCTS GMBH
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs