Date: Wed, 9 May 2012 15:04:13 -0700 From: Andrew Leonard <lists@hurricane-ridge.com> To: freebsd-fs@freebsd.org Subject: Unable to set ACLs on ZFS file system over NFSv4? Message-ID: <CADUQDp9ytTTUqRvqzySBfugkqL56okEgZOOs_vvbKmOYi=mL0Q@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I have a ZFS file system on which I can successfully manipulate ACLs
locally, but am unable to do so when it is mounted remotely using
NFSv4 on both FreeBSD and Linux (CentOS 5) clients.
The system in question is running 8-STABLE:
FreeBSD zfs07.example.com 8.2-STABLE FreeBSD 8.2-STABLE #0: Thu Nov 17
17:46:00 PST 2011
root@zfs07.example.com:/usr/obj/usr/src/sys/GENERIC amd64
ACLs can be successfully manipulated locally; e.g. the following
returns no error and works as expected:
> setfacl -m g:group2:rwxpDaRWcs:fd:allow /tank01/ngs/test.dir
The file system is exported as follows in /etc/exports:
/tank01/ngs -sec=sys
V4: /tank01 -sec=sys
On the FreeBSD client, it is mounted using NFSv4, and behaves as
follows under the same user (sanitized to "user1", who is in
"group1"):
> whoami
user1
> groups
group1 [...]
> mount | grep /mnt
zfs07b:/ngs on /mnt (newnfs, nfsv4acls)
> getfacl /mnt/test2.dir
# file: /mnt/test2.dir
# owner: user1
# group: group1
group:group1:rwxpDdaARWcCo-:fd----:allow
owner@:rwxp--aARWcCo-:------:allow
group@:r-x---a-R-c---:------:allow
everyone@:r-x---a-R-c---:------:allow
> setfacl -m g:group2:rwxpDaRWcs:fd:allow /mnt/test2.dir
setfacl: /mnt/test2.dir: acl_set_file() failed: Input/output error
In all other respects, ACLs appear to be honored over NFSv4 - the user
can access, create, modify and delete files as expected, and ACLs are
appropriately inherited - the ACLs just cannot be manipulated.
Linux client behavior is functionally identical:
> mount | grep /mnt
zfs07b:/ngs on /mnt type nfs4 (rw,addr=192.168.x.y)
> nfs4_setfacl -a A:gfd:group2:rwxaDdtnNcy test2.dir
Failed setxattr operation: Input/output error
Is this a misconfiguration on my part, a known limitation, or a bug?
More details:
> zfs get version tank01/ngs
NAME PROPERTY VALUE SOURCE
tank01/ngs version 5 -
> zpool get version tank01
NAME PROPERTY VALUE SOURCE
tank01 version 28 default
> zfs get all tank01/ngs
NAME PROPERTY VALUE SOURCE
tank01/ngs type filesystem -
tank01/ngs creation Tue May 1 16:15 2012 -
tank01/ngs used 61.6G -
tank01/ngs available 4.47T -
tank01/ngs referenced 33.8G -
tank01/ngs compressratio 4.23x -
tank01/ngs mounted yes -
tank01/ngs quota none default
tank01/ngs reservation none default
tank01/ngs recordsize 128K default
tank01/ngs mountpoint /tank01/ngs default
tank01/ngs sharenfs off default
tank01/ngs checksum on default
tank01/ngs compression gzip local
tank01/ngs atime on default
tank01/ngs devices on default
tank01/ngs exec on default
tank01/ngs setuid off inherited from tank01
tank01/ngs readonly off default
tank01/ngs jailed off default
tank01/ngs snapdir hidden default
tank01/ngs aclmode passthrough local
tank01/ngs aclinherit passthrough-x local
tank01/ngs canmount on default
tank01/ngs xattr off temporary
tank01/ngs copies 1 default
tank01/ngs version 5 -
tank01/ngs utf8only off -
tank01/ngs normalization none -
tank01/ngs casesensitivity sensitive -
tank01/ngs vscan off default
tank01/ngs nbmand off default
tank01/ngs sharesmb off default
tank01/ngs refquota none default
tank01/ngs refreservation none default
tank01/ngs primarycache all default
tank01/ngs secondarycache all default
tank01/ngs usedbysnapshots 27.8G -
tank01/ngs usedbydataset 33.8G -
tank01/ngs usedbychildren 0 -
tank01/ngs usedbyrefreservation 0 -
tank01/ngs logbias latency default
tank01/ngs dedup off default
tank01/ngs mlslabel -
tank01/ngs sync standard default
tank01/ngs refcompressratio 4.14x -
> egrep 'nfs|zfs' /etc/rc.conf.local
nfscbd_enable="YES"
nfs_client_enable="YES"
nfsuserd_enable="YES"
nfsv4_server_enable="YES"
nfs_server_enable="YES"
zfs_enable="YES"
Thanks,
Andy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADUQDp9ytTTUqRvqzySBfugkqL56okEgZOOs_vvbKmOYi=mL0Q>