From: Andrew Leonard
To: freebsd-fs@freebsd.org
Date: Wed, 9 May 2012 15:04:13 -0700
Subject: Unable to set ACLs on ZFS file system over NFSv4?

I have a ZFS file system on which I can successfully manipulate ACLs
locally, but am unable to do so when it is mounted remotely using NFSv4
on both FreeBSD and Linux (CentOS 5) clients.

The system in question is running 8-STABLE:

FreeBSD zfs07.example.com 8.2-STABLE FreeBSD 8.2-STABLE #0: Thu Nov 17 17:46:00 PST 2011 root@zfs07.example.com:/usr/obj/usr/src/sys/GENERIC amd64

ACLs can be successfully manipulated locally; e.g. the following
returns no error and works as expected:

> setfacl -m g:group2:rwxpDaRWcs:fd:allow /tank01/ngs/test.dir

The file system is exported as follows in /etc/exports:

/tank01/ngs -sec=sys
V4: /tank01 -sec=sys

On the FreeBSD client, it is mounted using NFSv4, and behaves as
follows under the same user (sanitized to "user1", who is in "group1"):

> whoami
user1
> groups
group1 [...]
> mount | grep /mnt
zfs07b:/ngs on /mnt (newnfs, nfsv4acls)
> getfacl /mnt/test2.dir
# file: /mnt/test2.dir
# owner: user1
# group: group1
group:group1:rwxpDdaARWcCo-:fd----:allow
owner@:rwxp--aARWcCo-:------:allow
group@:r-x---a-R-c---:------:allow
everyone@:r-x---a-R-c---:------:allow
> setfacl -m g:group2:rwxpDaRWcs:fd:allow /mnt/test2.dir
setfacl: /mnt/test2.dir: acl_set_file() failed: Input/output error

In all other respects, ACLs appear to be honored over NFSv4 - the user
can access, create, modify and delete files as expected, and ACLs are
appropriately inherited - the ACLs just cannot be manipulated.

Linux client behavior is functionally identical:

> mount | grep /mnt
zfs07b:/ngs on /mnt type nfs4 (rw,addr=192.168.x.y)
> nfs4_setfacl -a A:gfd:group2:rwxaDdtnNcy test2.dir
Failed setxattr operation: Input/output error

Is this a misconfiguration on my part, a known limitation, or a bug?

More details:

> zfs get version tank01/ngs
NAME        PROPERTY  VALUE  SOURCE
tank01/ngs  version   5      -
> zpool get version tank01
NAME    PROPERTY  VALUE  SOURCE
tank01  version   28     default
> zfs get all tank01/ngs
NAME        PROPERTY              VALUE                 SOURCE
tank01/ngs  type                  filesystem            -
tank01/ngs  creation              Tue May 1 16:15 2012  -
tank01/ngs  used                  61.6G                 -
tank01/ngs  available             4.47T                 -
tank01/ngs  referenced            33.8G                 -
tank01/ngs  compressratio         4.23x                 -
tank01/ngs  mounted               yes                   -
tank01/ngs  quota                 none                  default
tank01/ngs  reservation           none                  default
tank01/ngs  recordsize            128K                  default
tank01/ngs  mountpoint            /tank01/ngs           default
tank01/ngs  sharenfs              off                   default
tank01/ngs  checksum              on                    default
tank01/ngs  compression           gzip                  local
tank01/ngs  atime                 on                    default
tank01/ngs  devices               on                    default
tank01/ngs  exec                  on                    default
tank01/ngs  setuid                off                   inherited from tank01
tank01/ngs  readonly              off                   default
tank01/ngs  jailed                off                   default
tank01/ngs  snapdir               hidden                default
tank01/ngs  aclmode               passthrough           local
tank01/ngs  aclinherit            passthrough-x         local
tank01/ngs  canmount              on                    default
tank01/ngs  xattr                 off                   temporary
tank01/ngs  copies                1                     default
tank01/ngs  version               5                     -
tank01/ngs  utf8only              off                   -
tank01/ngs  normalization         none                  -
tank01/ngs  casesensitivity       sensitive             -
tank01/ngs  vscan                 off                   default
tank01/ngs  nbmand                off                   default
tank01/ngs  sharesmb              off                   default
tank01/ngs  refquota              none                  default
tank01/ngs  refreservation        none                  default
tank01/ngs  primarycache          all                   default
tank01/ngs  secondarycache        all                   default
tank01/ngs  usedbysnapshots       27.8G                 -
tank01/ngs  usedbydataset         33.8G                 -
tank01/ngs  usedbychildren        0                     -
tank01/ngs  usedbyrefreservation  0                     -
tank01/ngs  logbias               latency               default
tank01/ngs  dedup                 off                   default
tank01/ngs  mlslabel                                    -
tank01/ngs  sync                  standard              default
tank01/ngs  refcompressratio      4.14x                 -
> egrep 'nfs|zfs' /etc/rc.conf.local
nfscbd_enable="YES"
nfs_client_enable="YES"
nfsuserd_enable="YES"
nfsv4_server_enable="YES"
nfs_server_enable="YES"
zfs_enable="YES"

Thanks,
Andy
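
The FreeBSD and Linux commands in the message above write the ACL entry in two different syntaxes. The following is an added example, not part of the original message: it translates a FreeBSD setfacl entry into nfs4_setfacl ACE syntax so the two requests can be compared letter by letter. Function names are hypothetical, the letter mappings follow setfacl(1) and nfs4_acl(5), and the optional NFSv4 domain suffix is an assumption.

```python
# Added example: FreeBSD setfacl(1) NFSv4 entry -> Linux nfs4_setfacl(1) ACE.
# Function names are hypothetical; sample entries are taken from the post.

# FreeBSD permission letter -> Linux nfs4_acl(5) permission letter
PERM_MAP = {"r": "r", "w": "w", "x": "x", "p": "a", "d": "d", "D": "D",
            "a": "t", "A": "T", "R": "n", "W": "N", "c": "c", "C": "C",
            "o": "o", "s": "y"}
FLAG_LETTERS = set("fdinSF")       # inheritance/audit flags, same in both
TYPE_MAP = {"allow": "A", "deny": "D"}
SPECIAL = {"owner@": "OWNER@", "group@": "GROUP@", "everyone@": "EVERYONE@"}


def freebsd_to_linux_ace(entry, domain=None):
    """Translate 'g:group2:rwxp:fd:allow' style text to 'A:gfd:group2:rwxa'."""
    fields = entry.strip().split(":")
    tag = fields[0]
    if tag in SPECIAL and len(fields) == 4:
        principal, rest = SPECIAL[tag], fields[1:]
    elif tag in ("u", "user", "g", "group") and len(fields) == 5:
        # Assumption: the caller supplies the NFSv4 domain if one is wanted.
        principal = fields[1] + ("@" + domain if domain else "")
        rest = fields[2:]
    else:
        raise ValueError("unrecognised ACL entry: %r" % entry)
    perms, flags, ace_type = rest
    bad = (set(perms) - set(PERM_MAP) - {"-"}) | (set(flags) - FLAG_LETTERS - {"-"})
    if bad or ace_type not in TYPE_MAP:
        raise ValueError("unsupported field in ACL entry: %r" % entry)
    # Linux marks group principals (named groups and GROUP@) with the 'g' flag.
    linux_flags = ("g" if tag.startswith("g") else "") + flags.replace("-", "")
    linux_perms = "".join(PERM_MAP[c] for c in perms if c != "-")
    return ":".join((TYPE_MAP[ace_type], linux_flags, principal, linux_perms))


def extra_perms(ace_a, ace_b):
    """Permission letters present in Linux ACE a but not in ACE b."""
    return set(ace_a.split(":")[3]) - set(ace_b.split(":")[3])


if __name__ == "__main__":
    local = freebsd_to_linux_ace("g:group2:rwxpDaRWcs:fd:allow")
    print(local)                                           # translated entry
    print(extra_perms("A:gfd:group2:rwxaDdtnNcy", local))  # only in the Linux ACE
```

Run on the entries in the message, the translated setfacl request and the nfs4_setfacl request differ only in the d (delete) permission, which the Linux command includes and the FreeBSD command does not.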