Date: Mon, 11 Oct 2004 11:10:24 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Jamie Heckford <jamie@tridentmicrosystems.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: Mixing fBSD 4 and 5 - NFS ACL's Message-ID: <20041011101024.GA38555@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <099D8730F34B9A41B598D18F763555FA09E94A@exchange.trident-uk.co.uk> References: <099D8730F34B9A41B598D18F763555FA09E94A@exchange.trident-uk.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 11, 2004 at 10:45:07AM +0100, Jamie Heckford wrote: > I need to use the new ACL feature on one of our servers..... However the > data doesn't reside on the server that its being served from it is > mounted via NFS. >=20 > Im guessing I will need to install fBSD5 on the two servers I want to > use ACL on, but will the other fBSD4 servers still be able to use NFS ok > (they don't need to use ACL)?? >=20 > Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and > also, how stable is / does ACL even work between to fBSD5 machines using > NFS? See http://lists.freebsd.org/pipermail/freebsd-current/2004-October/039747.html under the 'Desired Features for 5.3-RELEASE' section: | | | | Currently, MAC | | | | | protections are | | | | | enforced only on | | | | | locally originated | | | | | file system | | | | | operations (VOPs), | | | | | and not on RPCs | | | | | generated via the | | | | | NFS server. | | MAC support for | | | Improvements in NFS | | NFS Server | Not done | Robert Watson | server credential | | | | | handling are | | | | | required to correct | | | | | this problem, as | | | | | well as the | | | | | introduction of new | | | | | entry points to | | | | | properly label NFS | | | | | credentials and | | | | | perform enforcement | | | | | properly. | So the only possibility for ACL support over NFS is going to be a 5.x release, but seeing as it hasn't been included yet, probably not 5.3-RELEASE. One possible route around that would be to use GEOM Gate -- that's a system rather like iSCSI or Linux's DRDB, where the server exports a disk device, rather than a filesystem. This is a standard part of 5.x now, and will be in 5.3-RELEASE, but it's still very new, so test carefully before putting it onto important servers. See:=20 http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html http://www.freebsd.org/cgi/man.cgi?query=3Dggatec&apropos=3D0&sektion=3D= 0&manpath=3DFreeBSD+6.0-current&format=3Dhtml http://www.freebsd.org/cgi/man.cgi?query=3Dggated&apropos=3D0&sektion=3D= 0&manpath=3DFreeBSD+6.0-current&format=3Dhtml http://www.freebsd.org/cgi/man.cgi?query=3Dggatel&apropos=3D0&sektion=3D= 0&manpath=3DFreeBSD+6.0-current&format=3Dhtml A FreeBSD 4.x machine should quite happily use a 5.x machine as a NFS server. FreeBSD 4.x has no support for GEOM Gate though. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --jRHKVT23PllUwdXP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBalwQiD657aJF7eIRAkyUAJ4pHbv8NGfo+DFIu4bFT2cERpIvgACgkJ3c 8ytOQk+wxpyzvxJXoDGDhU4= =Ceqp -----END PGP SIGNATURE----- --jRHKVT23PllUwdXP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041011101024.GA38555>