Date: Wed, 9 May 2012 15:04:13 -0700 From: Andrew Leonard <lists@hurricane-ridge.com> To: freebsd-fs@freebsd.org Subject: Unable to set ACLs on ZFS file system over NFSv4? Message-ID: <CADUQDp9ytTTUqRvqzySBfugkqL56okEgZOOs_vvbKmOYi=mL0Q@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I have a ZFS file system on which I can successfully manipulate ACLs locally, but am unable to do so when it is mounted remotely using NFSv4 on both FreeBSD and Linux (CentOS 5) clients. The system in question is running 8-STABLE: FreeBSD zfs07.example.com 8.2-STABLE FreeBSD 8.2-STABLE #0: Thu Nov 17 17:46:00 PST 2011 root@zfs07.example.com:/usr/obj/usr/src/sys/GENERIC amd64 ACLs can be successfully manipulated locally; e.g. the following returns no error and works as expected: > setfacl -m g:group2:rwxpDaRWcs:fd:allow /tank01/ngs/test.dir The file system is exported as follows in /etc/exports: /tank01/ngs -sec=sys V4: /tank01 -sec=sys On the FreeBSD client, it is mounted using NFSv4, and behaves as follows under the same user (sanitized to "user1", who is in "group1"): > whoami user1 > groups group1 [...] > mount | grep /mnt zfs07b:/ngs on /mnt (newnfs, nfsv4acls) > getfacl /mnt/test2.dir # file: /mnt/test2.dir # owner: user1 # group: group1 group:group1:rwxpDdaARWcCo-:fd----:allow owner@:rwxp--aARWcCo-:------:allow group@:r-x---a-R-c---:------:allow everyone@:r-x---a-R-c---:------:allow > setfacl -m g:group2:rwxpDaRWcs:fd:allow /mnt/test2.dir setfacl: /mnt/test2.dir: acl_set_file() failed: Input/output error In all other respects, ACLs appear to be honored over NFSv4 - the user can access, create, modify and delete files as expected, and ACLs are appropriately inherited - the ACLs just cannot be manipulated. Linux client behavior is functionally identical: > mount | grep /mnt zfs07b:/ngs on /mnt type nfs4 (rw,addr=192.168.x.y) > nfs4_setfacl -a A:gfd:group2:rwxaDdtnNcy test2.dir Failed setxattr operation: Input/output error Is this a misconfiguration on my part, a known limitation, or a bug? More details: > zfs get version tank01/ngs NAME PROPERTY VALUE SOURCE tank01/ngs version 5 - > zpool get version tank01 NAME PROPERTY VALUE SOURCE tank01 version 28 default > zfs get all tank01/ngs NAME PROPERTY VALUE SOURCE tank01/ngs type filesystem - tank01/ngs creation Tue May 1 16:15 2012 - tank01/ngs used 61.6G - tank01/ngs available 4.47T - tank01/ngs referenced 33.8G - tank01/ngs compressratio 4.23x - tank01/ngs mounted yes - tank01/ngs quota none default tank01/ngs reservation none default tank01/ngs recordsize 128K default tank01/ngs mountpoint /tank01/ngs default tank01/ngs sharenfs off default tank01/ngs checksum on default tank01/ngs compression gzip local tank01/ngs atime on default tank01/ngs devices on default tank01/ngs exec on default tank01/ngs setuid off inherited from tank01 tank01/ngs readonly off default tank01/ngs jailed off default tank01/ngs snapdir hidden default tank01/ngs aclmode passthrough local tank01/ngs aclinherit passthrough-x local tank01/ngs canmount on default tank01/ngs xattr off temporary tank01/ngs copies 1 default tank01/ngs version 5 - tank01/ngs utf8only off - tank01/ngs normalization none - tank01/ngs casesensitivity sensitive - tank01/ngs vscan off default tank01/ngs nbmand off default tank01/ngs sharesmb off default tank01/ngs refquota none default tank01/ngs refreservation none default tank01/ngs primarycache all default tank01/ngs secondarycache all default tank01/ngs usedbysnapshots 27.8G - tank01/ngs usedbydataset 33.8G - tank01/ngs usedbychildren 0 - tank01/ngs usedbyrefreservation 0 - tank01/ngs logbias latency default tank01/ngs dedup off default tank01/ngs mlslabel - tank01/ngs sync standard default tank01/ngs refcompressratio 4.14x - > egrep 'nfs|zfs' /etc/rc.conf.local nfscbd_enable="YES" nfs_client_enable="YES" nfsuserd_enable="YES" nfsv4_server_enable="YES" nfs_server_enable="YES" zfs_enable="YES" Thanks, Andy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADUQDp9ytTTUqRvqzySBfugkqL56okEgZOOs_vvbKmOYi=mL0Q>