From owner-freebsd-fs@FreeBSD.ORG Fri May 11 21:20:45 2012 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E60731065670 for ; Fri, 11 May 2012 21:20:45 +0000 (UTC) (envelope-from lists@hurricane-ridge.com) Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id B48038FC08 for ; Fri, 11 May 2012 21:20:45 +0000 (UTC) Received: by dadv36 with SMTP id v36so4144504dad.13 for ; Fri, 11 May 2012 14:20:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=MCU4wzuib4VSpaCG4fjW420lc6gh9aPEqN5H5WOH5NQ=; b=mGE2rAQyJbD4Tur8L6mhcSWbolGv9w5GT8gp2aIqgMoUv+dMr01onVgSkLtyYg7Ujg RrAUw2AmpxDrViKLxj+CmKb/qeWOAJdsip+qQC6o0+e5rNGBf0sYKbgjFhaqOKRESRPP gmbU89FPn5kMhji7a38GPm8ZZqIcZ2ygu9hpx8h5UhFb8jZ04xdU729MQ0SsPqhv706n WH6iZVWla9ojtBTbp5MdKYSsmg6ykzDhpCUPqcFOt11t0auLBe8sPmWfFeGeY5JCCuBs qygtWpNMfsC5Q/+pS5dIOubeWRFoSgTIsozz9n3fslcTDgxsEezWikxUNMPoXUy49SDd fO2Q== MIME-Version: 1.0 Received: by 10.68.231.195 with SMTP id ti3mr34901066pbc.96.1336771245287; Fri, 11 May 2012 14:20:45 -0700 (PDT) Received: by 10.68.195.166 with HTTP; Fri, 11 May 2012 14:20:45 -0700 (PDT) X-Originating-IP: [209.124.184.194] In-Reply-To: <353146957.236642.1336684992583.JavaMail.root@erie.cs.uoguelph.ca> References: <1446179418.236280.1336684418582.JavaMail.root@erie.cs.uoguelph.ca> <353146957.236642.1336684992583.JavaMail.root@erie.cs.uoguelph.ca> Date: Fri, 11 May 2012 14:20:45 -0700 Message-ID: From: Andrew Leonard To: Rick Macklem Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQnHvOhbcOnxHx0EAENoHxOlS0H4JyfF1nnvGoAdjtifQ7tb8u3uTRcTm0KpbP+vJOwkaMu5 Cc: freebsd-fs@freebsd.org Subject: Re: Unable to set ACLs on ZFS file system over NFSv4? X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 May 2012 21:20:46 -0000 On Thu, May 10, 2012 at 2:23 PM, Rick Macklem wrote: > I wrote: >> If you capture a packet trace from before you do the NFSv4 mount, I >> can >> take a look and see what the server is saying. (Basically, at mount >> time >> a reply to a Getattr should including the supported attributes and >> that >> should include the ACL bit. Then the setfacl becomes a Setattr of the >> ACL >> attribute.) >> # tcpdump -s 0 -w acl.pcap host >> - run on the client should do it >> >> If you want to look at it, use wireshark. If you want me to look, just >> email acl.pcap as an attachment. >> >> rick >> ps: Although I suspect it is the server that isn't behaving, please >> use >> the FreeBSD client for the above. >> pss: I've cc'd trasz@ in case he can spot some reason why it wouldn't >> work. >> > Oh, and make sure "user1" isn't in more than 16 groups, because that is the > limit for AUTH_SYS. (I'm not sure what the effect of user1 being in more > than 16 groups would be, but might as well eliminate it as a cause.) Thanks, Rick - I'll send the pcap over private email, as I'm sure $DAYJOB would consider it somewhat sensitive. Looking in wireshark, if I'm reading it correctly, I don't see anything for FATTR4_ACL in any replies. On the final connection, I do see NFS4ERR_IO set as the status for the reply to the setattr - but from Googling, my understanding is that response is supposed to indicate a hard error, such as a hardware problem. Also, I have verified that "user1" is not a member of more than 16 groups, so we can rule that out - that user is in only three groups. -Andy