From owner-freebsd-questions@FreeBSD.ORG Mon Oct 11 10:10:33 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0F0816A4CE for ; Mon, 11 Oct 2004 10:10:33 +0000 (GMT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2927543D5A for ; Mon, 11 Oct 2004 10:10:32 +0000 (GMT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) i9BAAOdV026772 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 11 Oct 2004 11:10:24 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)i9BAAOHb026771; Mon, 11 Oct 2004 11:10:24 +0100 (BST) (envelope-from matthew) Date: Mon, 11 Oct 2004 11:10:24 +0100 From: Matthew Seaman To: Jamie Heckford Message-ID: <20041011101024.GA38555@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Jamie Heckford , freebsd-questions@freebsd.org References: <099D8730F34B9A41B598D18F763555FA09E94A@exchange.trident-uk.co.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jRHKVT23PllUwdXP" Content-Disposition: inline In-Reply-To: <099D8730F34B9A41B598D18F763555FA09E94A@exchange.trident-uk.co.uk> User-Agent: Mutt/1.4.2.1i X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.5.6 (smtp.infracaninophile.co.uk [IPv6:::1]); Mon, 11 Oct 2004 11:10:24 +0100 (BST) X-Virus-Scanned: clamd / ClamAV version devel-20040904, clamav-milter version 0.75l on smtp.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions@freebsd.org Subject: Re: Mixing fBSD 4 and 5 - NFS ACL's X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 10:10:33 -0000 --jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 11, 2004 at 10:45:07AM +0100, Jamie Heckford wrote: > I need to use the new ACL feature on one of our servers..... However the > data doesn't reside on the server that its being served from it is > mounted via NFS. >=20 > Im guessing I will need to install fBSD5 on the two servers I want to > use ACL on, but will the other fBSD4 servers still be able to use NFS ok > (they don't need to use ACL)?? >=20 > Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and > also, how stable is / does ACL even work between to fBSD5 machines using > NFS? See http://lists.freebsd.org/pipermail/freebsd-current/2004-October/039747.html under the 'Desired Features for 5.3-RELEASE' section: | | | | Currently, MAC | | | | | protections are | | | | | enforced only on | | | | | locally originated | | | | | file system | | | | | operations (VOPs), | | | | | and not on RPCs | | | | | generated via the | | | | | NFS server. | | MAC support for | | | Improvements in NFS | | NFS Server | Not done | Robert Watson | server credential | | | | | handling are | | | | | required to correct | | | | | this problem, as | | | | | well as the | | | | | introduction of new | | | | | entry points to | | | | | properly label NFS | | | | | credentials and | | | | | perform enforcement | | | | | properly. | So the only possibility for ACL support over NFS is going to be a 5.x release, but seeing as it hasn't been included yet, probably not 5.3-RELEASE. One possible route around that would be to use GEOM Gate -- that's a system rather like iSCSI or Linux's DRDB, where the server exports a disk device, rather than a filesystem. This is a standard part of 5.x now, and will be in 5.3-RELEASE, but it's still very new, so test carefully before putting it onto important servers. See:=20 http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html http://www.freebsd.org/cgi/man.cgi?query=3Dggatec&apropos=3D0&sektion=3D= 0&manpath=3DFreeBSD+6.0-current&format=3Dhtml http://www.freebsd.org/cgi/man.cgi?query=3Dggated&apropos=3D0&sektion=3D= 0&manpath=3DFreeBSD+6.0-current&format=3Dhtml http://www.freebsd.org/cgi/man.cgi?query=3Dggatel&apropos=3D0&sektion=3D= 0&manpath=3DFreeBSD+6.0-current&format=3Dhtml A FreeBSD 4.x machine should quite happily use a 5.x machine as a NFS server. FreeBSD 4.x has no support for GEOM Gate though. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --jRHKVT23PllUwdXP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBalwQiD657aJF7eIRAkyUAJ4pHbv8NGfo+DFIu4bFT2cERpIvgACgkJ3c 8ytOQk+wxpyzvxJXoDGDhU4= =Ceqp -----END PGP SIGNATURE----- --jRHKVT23PllUwdXP--