problem with NFS and POSIX ACL
- From: Paolo Negri <p_negri@xxxxxxxxxxx>
- Date: Fri, 18 Feb 2005 15:16:58 +0100
- Message-id: <4215F8DA.70003@xxxxxxxxxxx>
Hi there
I'm using kernel based NFS server in combination with POSIX ACL
Server: SuSE 9.1 all patches applied
Client: SuSE 9.2 all patches applied and SuSE 9.0 all patches applied
The behaviour of the ACLs is not the same locally on the server as it is on the clients.
This is the problem I have, in detail:
on server, as user root
server # mkdir group
server # setfacl -d -m group:testgroup:rwx group
server # setfacl -m group:testgroup:rwx group
server # getfacl group
# file: group
# owner: root
# group: root
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x
as user linus (member of testgroup) on server
server # touch fileserver
server # getfacl fileserver
# file: fileserver
# owner: linus
# group: users
user::rw-
group::r-x #effective:r--
group:testgroup:rwx #effective:rw-
mask::rw-
other::r--
server # mkdir serverdir
server # getfacl serverdir/
# file: serverdir
# owner: linus
# group: users
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x
So this is fine: testgroup has write access to the files and directories created by user linus.
Now go to the client side and create a file and a directory.
As user linus, we first check how the client sees the remote ACL...
client # getfacl group/
# file: group
# owner: root
# group: root
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x
It seems to be all right
client # cd group
client # touch fileclient
client # getfacl fileclient
# file: fileclient
# owner: linus
# group: users
user::rw-
group::r-x #effective:r--
group:testgroup:rwx #effective:r--
mask::r--
other::r--
client # mkdir clientdir
client # getfacl clientdir/
# file: clientdir
# owner: linus
# group: users
user::rwx
group::r-x
group:testgroup:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x
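As you can see, in this case the group testgroup doesn't have write permission on the file and the directory: the mask entry is r-- on fileclient and r-x on clientdir, whereas the same operations on the server produced rw- and rwx. How can I fix this problem?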
Thanks
I'm using kernel based NFS server in combination with POSIX ACL
Server: SuSE 9.1 all patches applied
Client: SuSE 9.2 all patches applied and SuSE 9.0 all patches applied
The behaviour of the ACLs is not the same locally on the server as it is on the clients.
This is the problem I have, in detail:
on server, as user root
server # mkdir group
server # setfacl -d -m group:testgroup:rwx group
server # setfacl -m group:testgroup:rwx group
server # getfacl group
# file: group
# owner: root
# group: root
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x
as user linus (member of testgroup) on server
server # touch fileserver
server # getfacl fileserver
# file: fileserver
# owner: linus
# group: users
user::rw-
group::r-x #effective:r--
group:testgroup:rwx #effective:rw-
mask::rw-
other::r--
server # mkdir serverdir
server # getfacl serverdir/
# file: serverdir
# owner: linus
# group: users
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x
So this is fine: testgroup has write access to the files and directories created by user linus.
Now go to the client side and create a file and a directory.
As user linus, we first check how the client sees the remote ACL...
client # getfacl group/
# file: group
# owner: root
# group: root
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x
It seems to be all right
client # cd group
client # touch fileclient
client # getfacl fileclient
# file: fileclient
# owner: linus
# group: users
user::rw-
group::r-x #effective:r--
group:testgroup:rwx #effective:r--
mask::r--
other::r--
client # mkdir clientdir
client # getfacl clientdir/
# file: clientdir
# owner: linus
# group: users
user::rwx
group::r-x
group:testgroup:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x
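As you can see, in this case the group testgroup doesn't have write permission on the file and the directory: the mask entry is r-- on fileclient and r-x on clientdir, whereas the same operations on the server produced rw- and rwx. How can I fix this problem?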
Thanks