Date: Mon, 6 Dec 2010 18:06:42 -0500 (EST) From: Rick Macklem <rmacklem@uoguelph.ca> To: Joe Auty <joe@netmusician.org> Cc: freebsd-fs@freebsd.org, =?utf-8?Q?Edward_Tomasz_Napiera=C5=82a?= <trasz@FreeBSD.org> Subject: Re: Migrating from NFSv3 to v4 - NFSv4 ACL/permission confusion Message-ID: <1566415453.1261550.1291676802011.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <4CFD679C.7020804@netmusician.org>
next in thread | previous in thread | raw e-mail | index | archive | help
------=_Part_1261549_523196553.1291676802010 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit > Rick Macklem wrote: > > > > So, if I want to just ignore the NFSv4 ACLs on account of not needing > anything beyond the POSIX ACLs, I'm free to do so without > consequence... Correct? Well, NFSv4 won't be able to manipulate POSIX > ACLs (really POSIX.1e draft which was never ratified and, as such, > isn't a POSIX standard as I understand it). If you meant "beyond > chmod" then I think you will be ok, but I haven't used ZFS, so?? > Well, chmods and POSIX.1e ACLs work fine in NFSv3 with the same ZFS > server and everything else being the same on the FreeBSD site, so I > don't think that ZFS is the problem here unless ZFS has some sort of > NFSv4 host bug. > Ok, it depends on your definition of "works". I guess you mean that the ACLs define the protection applied to the file and can be manipulated locally on the server (or using chmod, given its limitations). NFSv3 knows nothing about ACLs, although Sun has an unpublished side-band protocol that allows a client that knows this protocol (FreeBSD's client doesn't) to manipulate the ACLs. For NFSv4, all the client does is allow the NFSv4 ACLs (not the POSIX.1e draft ones) to be manipulated via getfacl/setfacl at the client side. (It just translates the NFSv4 ACL between the form used by VOP_xxx() and the form that goes on the wire.) Generally the NFS server (at least a FreeBSD one) will simply expect the underlying VOP_xxx() calls to handle checking of the ACL. VOP_ACCESSX() is the main one for FreeBSD-CURRENT. (That's why I know diddly about ACLs, because NFS doesn't need to know about them:-) rick ------=_Part_1261549_523196553.1291676802010--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1566415453.1261550.1291676802011.JavaMail.root>