Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 May 2012 14:20:45 -0700
From:      Andrew Leonard <lists@hurricane-ridge.com>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: Unable to set ACLs on ZFS file system over NFSv4?
Message-ID:  <CADUQDp-QHqXtRtTQfm4y7sEZhZeesR0=WBiUWP39XUzr92gUXg@mail.gmail.com>
In-Reply-To: <353146957.236642.1336684992583.JavaMail.root@erie.cs.uoguelph.ca>
References:  <1446179418.236280.1336684418582.JavaMail.root@erie.cs.uoguelph.ca> <353146957.236642.1336684992583.JavaMail.root@erie.cs.uoguelph.ca>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 10, 2012 at 2:23 PM, Rick Macklem <rmacklem@uoguelph.ca> wrote:

> I wrote:

>> If you capture a packet trace from before you do the NFSv4 mount, I
>> can
>> take a look and see what the server is saying. (Basically, at mount
>> time
>> a reply to a Getattr should including the supported attributes and
>> that
>> should include the ACL bit. Then the setfacl becomes a Setattr of the
>> ACL
>> attribute.)
>> # tcpdump -s 0 -w acl.pcap host <server>
>> - run on the client should do it
>>
>> If you want to look at it, use wireshark. If you want me to look, just
>> email acl.pcap as an attachment.
>>
>> rick
>> ps: Although I suspect it is the server that isn't behaving, please
>> use
>> the FreeBSD client for the above.
>> pss: I've cc'd trasz@ in case he can spot some reason why it wouldn't
>> work.
>>
> Oh, and make sure "user1" isn't in more than 16 groups, because that is the
> limit for AUTH_SYS. (I'm not sure what the effect of user1 being in more
> than 16 groups would be, but might as well eliminate it as a cause.)

Thanks, Rick - I'll send the pcap over private email, as I'm sure
$DAYJOB would consider it somewhat sensitive.

Looking in wireshark, if I'm reading it correctly, I don't see
anything for FATTR4_ACL in any replies.  On the final connection, I do
see NFS4ERR_IO set as the status for the reply to the setattr - but
from Googling, my understanding is that response is supposed to
indicate a hard error, such as a hardware problem.

Also, I have verified that "user1" is not a member of more than 16
groups, so we can rule that out - that user is in only three groups.

-Andy



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADUQDp-QHqXtRtTQfm4y7sEZhZeesR0=WBiUWP39XUzr92gUXg>