Date:      Mon, 06 Dec 2010 18:21:13 -0500
From:      Joe Auty <joe@netmusician.org>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        freebsd-fs@freebsd.org, Edward Tomasz Napierała <trasz@FreeBSD.org>
Subject:   Re: Migrating from NFSv3 to v4 - NFSv4 ACL/permission confusion
Message-ID:  <4CFD6FE9.4020406@netmusician.org>
In-Reply-To: <1515785960.1261915.1291677440081.JavaMail.root@erie.cs.uoguelph.ca>
References:  <1515785960.1261915.1291677440081.JavaMail.root@erie.cs.uoguelph.ca>

Rick Macklem wrote:
>> I might be misunderstanding you, but ZFS definitely supports NFSv3
>> because I've been mounting and using NFS volumes via this protocol
>> version for quite some time now without incident.
>>
> Yep, but you couldn't do a getfacl or setfacl in the client to
> manipulate the ACLs. On an NFSv4 mount, you should be able to do
> a getfacl or setfacl if the volume on the server supports NFSv4 ACLs.
>
> I suspect the failing "chown" doesn't have anything to do with ACLs.
> (It might be that the server doesn't know "joe" as a user, for example.
>  In NFSv3, it would have sent "joe's" uid to the server, which is just
>  a number it always trusts. For NFSv4, it will have sent "joe@<your.domain>"
>  to the server and the NFS server must then know "joe" so it can turn
>  that into "joe's" uid.)
>
> It just hit me that you said "joe" was a local user in the client?
> (For NFSv4 to work, the user names must be in the server's passwd
>  database as well. Usually all the clients and servers share the
>  same user and group databases via LDAP or NIS, but you can just
>  copy /etc/passwd and /etc/group entries around, if you like.
>  After updating the server's /etc/passwd or /etc/group, I don't
>  know what you need to do to get Solaris's NFSv4 server to see the
>  update. I always just reboot it. For a FreeBSD server, it should
>  find additions. For deletions or changes to an entry, you can
>  either wait for it to time out the cache or kill/restart the nfsuserd.)
>
> rick
>
Aha! Progress...

This requirement is problematic for me right now for a variety of
reasons including that I'm not using LDAP or NIS (although I will in the
future). Is there any way to get NFSv4 to behave like v3 in this respect
so that these users don't need to exist on the NFS server side?




-- 
Joe Auty, NetMusician
NetMusician helps musicians, bands and artists create beautiful,
professional, custom designed, career-essential websites that are easy
to maintain and to integrate with popular social networks.
www.netmusician.org <http://www.netmusician.org>
joe@netmusician.org <mailto:joe@netmusician.org>
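
Added example, not part of the original message and not FreeBSD or Solaris code: a check of client and server passwd(5) data for accounts that the name-based NFSv4 mapping described in the quoted reply would not resolve to the same uid that NFSv3 sends as a bare number. The function names, the min_uid cutoff of 1000 and the sample entries are assumptions made for illustration.

```python
def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text (name:pw:uid:gid:...)."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 4 or not fields[2].isdigit():
            continue  # skip comments and malformed entries rather than guess
        users[fields[0]] = int(fields[2])
    return users

def check_mapping(client_text, server_text, min_uid=1000):
    """Classify each client account with uid >= min_uid (assumed cutoff).

    missing:  name unknown to the server, so name@domain has no uid there.
    mismatch: name exists on both sides with different uids, so a v3 mount
              (number sent) and a v4 mount (name sent) reach different accounts.
    """
    client, server = parse_passwd(client_text), parse_passwd(server_text)
    report = {"ok": [], "missing": [], "mismatch": []}
    for name, uid in sorted(client.items()):
        if uid < min_uid:
            continue
        if name not in server:
            report["missing"].append(name)
        elif server[name] != uid:
            report["mismatch"].append((name, uid, server[name]))
        else:
            report["ok"].append(name)
    return report

# Constructed sample data, not taken from the thread.
CLIENT = """\
root:*:0:0:Charlie &:/root:/bin/csh
joe:*:1001:1001:Joe:/home/joe:/bin/sh
www:*:1002:1002:Web:/home/www:/bin/sh
backup:*:1003:1003:Backup:/home/backup:/bin/sh
"""
SERVER = """\
root:*:0:0:Super-User:/root:/sbin/sh
www:*:1002:1002:Web:/home/www:/bin/sh
backup:*:2003:2003:Backup:/home/backup:/bin/sh
"""

if __name__ == "__main__":
    for kind, entries in check_mapping(CLIENT, SERVER).items():
        print(kind, entries)
```

Run against copies of the real /etc/passwd files from both machines; the same comparison applies to /etc/group, with the gid in the third field.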



