Date: Mon, 06 Dec 2010 17:34:46 -0500 From: Joe Auty <joe@netmusician.org> To: =?UTF-8?B?RWR3YXJkIFRvbWFzeiBOYXBpZXJhxYJh?= <trasz@FreeBSD.org> Cc: freebsd-fs@freebsd.org Subject: Re: Migrating from NFSv3 to v4 - NFSv4 ACL/permission confusion Message-ID: <4CFD6506.7090901@netmusician.org> In-Reply-To: <F8F7A4F9-7E1F-4B32-98D3-F595063238D7@FreeBSD.org> References: <1124305635.1255931.1291670668724.JavaMail.root@erie.cs.uoguelph.ca> <4CFD5D73.1050601@netmusician.org> <F8F7A4F9-7E1F-4B32-98D3-F595063238D7@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Edward Tomasz Napiera=C5=82a wrote: > Wiadomo=C5=9B=C4=87 napisana przez Joe Auty w dniu 2010-12-06, o godz. = 23:02: >> Rick Macklem wrote: >>> I don't know anything about ZFS, but you could try getfacl/setfacl on= the >>> client and see what happens? >>> >>> Edward Napierala (trasz@freebsd.org) did commit a recent change w.r.t= . >>> NFSv4 ACLs and I remember the discussion saying something like "after >>> this change, chmod no longer does anything once ACLs are enabled, but= I >>> have no idea if it is relevant. > > Erm, no. There is a change in the queue that will change chmod behavio= ur > wrt. ACLs, but 1. it's not committed yet, and 2. chmod will continue to > work. > >>> Also, make sure "ls -l" is not reporting "nobody". If the user/group >>> name mapping isn't working, most Setattr Ops will fail. >>> >>> rick >>> >> Thanks Rick, >> >> I will look into this, but for the benefit of my own education, are >> NFSv4 ACLs supposed to be intertwined or separate from standard Unix >> permissions? I'm confused as to how the ACLs have changed from v3, or = if >> this is even relevant to my problem not really knowing how they work a= nd >> why they are needed :) > > Both POSIX.1e and NFSv4 ACLs are similar in that they both influence > the mode, and get influenced by it. In other words, when you change > the ACL, the mode gets updated; when you change the mode, the ACL gets > updated. Also, for both POSIX.1e and NFSv4 ACLs, file mode continues > to work as usual if you ignore the ACL part. > Thanks for this! So, if I want to just ignore the NFSv4 ACLs on account of not needing anything beyond the POSIX ACLs, I'm free to do so without consequence... Correct? > Good introduction might be the setfacl(1) manual page. > > -- > If you cut off my head, what would I say? Me and my head, or me and my= body? > --=20 Joe Auty, NetMusician NetMusician helps musicians, bands and artists create beautiful, professional, custom designed, career-essential websites that are easy to maintain and to integrate with popular social networks. www.netmusician.org <http://www.netmusician.org>; joe@netmusician.org <mailto:joe@netmusician.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CFD6506.7090901>