Mailinglist Archive: opensuse (2912 mails)

problem with NFS and POSIX ACL
  • From: Paolo Negri <p_negri@xxxxxxxxxxx>
  • Date: Fri, 18 Feb 2005 15:16:58 +0100
  • Message-id: <4215F8DA.70003@xxxxxxxxxxx>
Hi there

I'm using the kernel-based NFS server in combination with POSIX ACLs.

Server: SuSE 9.1 all patches applied
Client: SuSE 9.2 all patches applied and SuSE 9.0 all patches applied

The behaviour of ACLs isn't the same locally on the server as on the clients.

This is the problem I have in detail:

on server, as user root

server # mkdir group
server # setfacl -d -m group:testgroup:rwx group
server # setfacl -m group:testgroup:rwx group

server # getfacl group

# file: group
# owner: root
# group: root
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x

as user linus (member of testgroup) on server

server # touch fileserver
server # getfacl fileserver
# file: fileserver
# owner: linus
# group: users
user::rw-
group::r-x #effective:r--
group:testgroup:rwx #effective:rw-
mask::rw-
other::r--

server # mkdir serverdir
server # getfacl serverdir/
# file: serverdir
# owner: linus
# group: users
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x

So this is really fine: testgroup has write access to files and dirs created by user linus.

Now go to the client side and create a file and a directory.

As user linus, we first check how the client sees the remote ACL...

client # getfacl group/
# file: group
# owner: root
# group: root
user::rwx
group::r-x
group:testgroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x

It seems to be all right

client # cd group

client # touch fileclient
client # getfacl fileclient
# file: fileclient
# owner: linus
# group: users
user::rw-
group::r-x #effective:r--
group:testgroup:rwx #effective:r--
mask::r--
other::r--

client # mkdir clientdir
client # getfacl clientdir/
# file: clientdir
# owner: linus
# group: users
user::rwx
group::r-x
group:testgroup:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:testgroup:rwx
default:mask::rwx
default:other::r-x

As you can see, in this case the group testgroup doesn't have write permission on files and dirs. How can I fix this problem?

Thanks
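
The `#effective:` annotations in the listings above are each entry's rights ANDed with the `mask::` entry. As an added example (not part of the original message), this Python sketch parses getfacl output and reports which entries the mask reduces; the two sample ACLs are copied from the fileserver and fileclient listings, and all function names are hypothetical.

```python
import re

# Sample input copied from the message's "fileserver" and "fileclient" listings.
FILESERVER = """\
user::rw-
group::r-x #effective:r--
group:testgroup:rwx #effective:rw-
mask::rw-
other::r--
"""
FILECLIENT = """\
user::rw-
group::r-x #effective:r--
group:testgroup:rwx #effective:r--
mask::r--
other::r--
"""

# Matches access and "default:" entries; trailing "#effective:" comments are ignored.
ENTRY = re.compile(r"^(default:)?(user|group|mask|other):([^:]*):([r-][w-][x-])")

def parse_acl(text):
    """Return {(is_default, tag, qualifier): perms} for each ACL entry line."""
    acl = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # "# file:" headers and blank lines do not match
            acl[(bool(m.group(1)), m.group(2), m.group(3))] = m.group(4)
    return acl

def limit(perms, mask):
    """AND two rwx strings position by position."""
    return "".join(p if p == k else "-" for p, k in zip(perms, mask))

def effective(acl):
    """Effective access rights; the mask caps named users, the owning group and named groups."""
    mask = acl.get((False, "mask", ""))
    out = {}
    for (is_default, tag, qual), perms in acl.items():
        if is_default or tag in ("mask", "other"):
            continue
        capped = tag == "group" or (tag == "user" and qual)
        out[f"{tag}:{qual}"] = limit(perms, mask) if mask and capped else perms
    return out

def masked_entries(acl):
    """Entries whose granted rights are reduced by the mask, with their effective rights."""
    eff = effective(acl)
    return {k: v for k, v in eff.items() if v != acl[(False, *k.split(":", 1))]}
```

Run over both listings, the only difference is the `mask::` entry: `rw-` for the file created on the server and `r--` for the one created on the client, which is what removes write access for testgroup.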
