Date: Mon, 6 Dec 2010 23:54:41 +0100 From: =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= <trasz@FreeBSD.org> To: Joe Auty <joe@netmusician.org> Cc: freebsd-fs@freebsd.org Subject: Re: Migrating from NFSv3 to v4 - NFSv4 ACL/permission confusion Message-ID: <BA423A2B-DE0D-41D1-BEAF-FCE3C5BE2538@FreeBSD.org> In-Reply-To: <4CFD6808.8010004@netmusician.org> References: <1124305635.1255931.1291670668724.JavaMail.root@erie.cs.uoguelph.ca> <4CFD5D73.1050601@netmusician.org> <F8F7A4F9-7E1F-4B32-98D3-F595063238D7@FreeBSD.org> <4CFD6506.7090901@netmusician.org> <408E7ECD-C232-47DD-9D24-389F2CA4E406@FreeBSD.org> <4CFD6808.8010004@netmusician.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Wiadomo=B6=E6 napisana przez Joe Auty w dniu 2010-12-06, o godz. 23:47: > Edward Tomasz Napiera=B3a wrote: >> Wiadomo=B6=E6 napisana przez Joe Auty w dniu 2010-12-06, o godz. = 23:34: >>> Edward Tomasz Napiera=B3a wrote: >>>> Wiadomo=B6=E6 napisana przez Joe Auty w dniu 2010-12-06, o godz. = 23:02: >>>>>> Also, make sure "ls -l" is not reporting "nobody". If the = user/group >>>>>> name mapping isn't working, most Setattr Ops will fail. >>>>>>=20 >>>>>> rick >>>>>>=20 >>>>> Thanks Rick, >>>>>=20 >>>>> I will look into this, but for the benefit of my own education, = are >>>>> NFSv4 ACLs supposed to be intertwined or separate from standard = Unix >>>>> permissions? I'm confused as to how the ACLs have changed from v3, = or if >>>>> this is even relevant to my problem not really knowing how they = work and >>>>> why they are needed :) >>>> Both POSIX.1e and NFSv4 ACLs are similar in that they both = influence >>>> the mode, and get influenced by it. In other words, when you = change >>>> the ACL, the mode gets updated; when you change the mode, the ACL = gets >>>> updated. Also, for both POSIX.1e and NFSv4 ACLs, file mode = continues >>>> to work as usual if you ignore the ACL part. >>>>=20 >>> Thanks for this! >>>=20 >>> So, if I want to just ignore the NFSv4 ACLs on account of not = needing >>> anything beyond the POSIX ACLs, I'm free to do so without = consequence... >>> Correct? >>=20 >> If you want to just ignore the ACLs on account of not needing = anything >> beyond the file mode, aka standard UNIX permissions. Filesystems >> support either POSIX.1e ACLs, or NFSv4 ACLs, not both. I didn't >> actually test NFSv4, but I guess it uses NFSv4 ACLs, not POSIX.1e. >> ZFS supports NFSv4 only. UFS supports either POSIX.1e or NFSv4, >> depending on the mount options. > I might be misunderstanding you, but ZFS definitely supports NFSv3 > because I've been mounting and using NFS volumes via this protocol > version for quite some time now without incident. Let me rephrase: ZFS only supports NFSv4 ACLs, it does not support POSIX.1e ACLs. Since ACLs are not a mandatory element of filesystem, sharing ZFS over NFSv3 works, but the client has no way to manipulate the ACLs or retrieve them. When sharing ZFS over NFSv4, the NFSv4 ACLs should work, I guess. Still, I'm not sure if the problem is actually ACL-related. -- If you cut off my head, what would I say? Me and my head, or me and my = body?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BA423A2B-DE0D-41D1-BEAF-FCE3C5BE2538>