[opensuse] How do I set group rw on an nfs4 share?
When I create a file in an nfs4 share, I want it to be group rw. This is what I've tried so far: cat /etc/exports /home *(rw,no_root_squash,sec=none:sys:krb5:krb5i:krb5p,no_subtree_check,insecure) 1. Make a folder to share: hh3:/home/CACTUS # mkdir -m 770 dropbox hh3:/home/CACTUS # chown root:suseusers dropbox 2. Mount the share: hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt 3. Look at the acls: nfs4_getfacl /mnt/CACTUS/dropbox A::OWNER@:rwaDxtTcCy A::GROUP@:rwaDxtcy A::EVERYONE@:tcy Set an acl so that members of suseusers have rw on the share: hh3:/home/CACTUS # nfs4_setfacl -a A:g:suseusers@hh3.site:RW /mnt/CACTUS/dropbox hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/ A::OWNER@:rwaDxtTcCy A::GROUP@:rwaDxtcy A:g:suseusers@hh3.site:rwaDtcy A::EVERYONE@:tcy 4. Back in the unmounted directory, the acl + has appeared: hh3:/home/CACTUS # ls -la dropbox/ total 8 drwxrwx---+ 2 root suseusers 4096 Feb 19 10:55 . drwxr-xr-x 9 root root 4096 Feb 19 10:55 .. 5. On the mounted share, the acl + is not visible. steve6 can create a file but it is _not_ group rw: steve6@hh3:~> cd /mnt/CACTUS/dropbox/ steve6@hh3:/mnt/CACTUS/dropbox> touch hola.txt steve6@hh3:/mnt/CACTUS/dropbox> ls -la total 8 drwxrwx--- 2 root suseusers 4096 Feb 19 11:02 . drwxr-xr-x 9 root root 4096 Feb 19 10:55 .. -rw-r--r-- 1 steve6 suseusers 0 Feb 19 11:02 hola.txt Steps 1-5 were repeated with chmod g+s on /home/CACTUS/dropbox with the same outcome. 6. Recreate the share but this time with a posix acl: setfacl -d -m g::rw /home/CACTUS/dropbox steve6@hh3:/home/CACTUS> touch dropbox/h steve6@hh3:/home/CACTUS> ls -la dropbox/ total 8 drwxrws---+ 2 root suseusers 4096 Feb 19 11:13 . drwxr-xr-x 9 root root 4096 Feb 19 11:11 .. -rw-rw---- 1 steve6 suseusers 0 Feb 19 11:13 h Now when steve6 creates a file it _is_ group rw. = posix acl is working. 7. Mount the new posix share and test again: hh3:/home/CACTUS #chmod g+s /home/CACTUS/dropbox hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/ A::OWNER@:rwaDxtTcCy A::GROUP@:rwaDxtcy A::EVERYONE@:tcy A:fdi:OWNER@:rwaDxtTcCy A:fdi:GROUP@:rwaDtcy A:fdi:EVERYONE@:tcy steve6@hh3:/mnt/CACTUS/dropbox> touch h2 steve6@hh3:/mnt/CACTUS/dropbox> ls -la total 8 drwxrws--- 2 root suseusers 4096 Feb 19 11:19 . drwxr-xr-x 9 root root 4096 Feb 19 11:11 .. -rw-rw---- 1 steve6 suseusers 0 Feb 19 11:13 h -rw-r----- 1 steve6 suseusers 0 Feb 19 11:19 h2 hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/ A::OWNER@:rwaDxtTcCy A::GROUP@:rwaDxtcy A::EVERYONE@:tcy A:fdi:OWNER@:rwaDxtTcCy A:fdi:GROUP@:rwaDtcy A:fdi:EVERYONE@:tcy hh3:/home/CACTUS # nfs4_setfacl -a A:fdi:GROUP@:RWX /mnt/CACTUS/dropbox hh3:/home/CACTUS # nfs4_getfacl /mnt/CACTUS/dropbox/ A::OWNER@:rwaDxtTcCy A::GROUP@:rwaDxtcy A::EVERYONE@:tcy A:fdi:OWNER@:rwaDxtTcCy A:fdi:GROUP@:rwaDxtcy A:fdi:EVERYONE@:tcy steve6@hh3:/mnt/CACTUS/dropbox> touch h3 steve6@hh3:/mnt/CACTUS/dropbox> ls -la total 8 drwxrws--- 2 root suseusers 4096 Feb 19 11:21 . drwxr-xr-x 9 root root 4096 Feb 19 11:11 .. -rw-rw---- 1 steve6 suseusers 0 Feb 19 11:13 h -rw-r----- 1 steve6 suseusers 0 Feb 19 11:19 h2 -rw-r----- 1 steve6 suseusers 0 Feb 19 11:21 h3 Still no group rw on created files. = nfs4 acl is not working as expected. Workaround. Round peg, square hole: #!/bin/sh while true; do $(chmod -R g+w /home/CACTUS/dropbox); sleep 2; done Question: What am I missing? How do I set files created on an nfs4 share to take group rw? Thanks, L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/22/2012 12:08 PM, lynn pecked at the keyboard and wrote:
When I create a file in an nfs4 share, I want it to be group rw.
This is what I've tried so far: cat /etc/exports /home *(rw,no_root_squash,sec=none:sys:krb5:krb5i:krb5p,no_subtree_check,insecure)
1. Make a folder to share: hh3:/home/CACTUS # mkdir -m 770 dropbox hh3:/home/CACTUS # chown root:suseusers dropbox
2. Mount the share: hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
First look at the ACL's on the server and set them there to the way you want them. IIANM the "client" inherits the settings of the "server". -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/22/2012 06:17 PM, Ken Schneider - openSUSE wrote:
On 02/22/2012 12:08 PM, lynn pecked at the keyboard and wrote:
When I create a file in an nfs4 share, I want it to be group rw.
This is what I've tried so far: cat /etc/exports /home *(rw,no_root_squash,sec=none:sys:krb5:krb5i:krb5p,no_subtree_check,insecure)
1. Make a folder to share: hh3:/home/CACTUS # mkdir -m 770 dropbox hh3:/home/CACTUS # chown root:suseusers dropbox
2. Mount the share: hh3:/home/CACTUS # mount -t nfs4 hh3:/home /mnt
First look at the ACL's on the server and set them there to the way you want them. IIANM the "client" inherits the settings of the "server".
Hi Unfortunately the client does not inherit the acls from the server. I've tried setting the posix acl's on the server. They are correctly mapped to nfs4 acls on the client. The unmounted acls work as expected, but once exported, they lose the acl. I've also tried with no acls set, mounting the share to /mnt on the server and setting the nfs4 acl's whilst mounted. The acl + appears on the unmounted folder but once again it is as if no acl has been set at all when working on the mounted share. So far, I've also drawn a blank on the nfs kernel list and the samba list:-( Thanks, L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Answer from the nfs kernel gurus: You don't. nfs4 acl's do not override umask. You have umask 0022? Tough. Wonderful:-( L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
Ken Schneider - openSUSE -
lynn