FS#57738 - nfs4 client default ACL lost
Attached to Project:
Arch Linux
Opened by Richard PALO (risto3) - Wednesday, 07 March 2018, 10:59 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 07 March 2018, 20:38 GMT
Opened by Richard PALO (risto3) - Wednesday, 07 March 2018, 10:59 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 07 March 2018, 20:38 GMT
|
Details
Description:
We're experiencing issues with default ACLs. Server side: $ uname -a Linux smicro 4.14.23-1-lts #1 SMP Wed Feb 28 17:50:05 CET 2018 x86_64 GNU/Linux $ zfs get aclinherit,acltype,xattr dpool/export/home/richard NAME PROPERTY VALUE SOURCE dpool/export/home/richard aclinherit passthrough local dpool/export/home/richard acltype posixacl inherited from dpool dpool/export/home/richard xattr sa inherited from dpool $ zfs get sharenfs dpool/export/home/richard NAME PROPERTY VALUE SOURCE dpool/export/home/richard sharenfs rw=@192.168.0.0/23 local Client side: $ uname -a Linux odroid-001e0633a722 3.14.79-28-ARCH #1 SMP PREEMPT Tue Nov 28 20:47:59 MST 2017 aarch64 GNU/Linux Additional info: * package version(s) $ pacman -Ss zfs |grep install archzfs/spl-dkms 0.7.6-1 (archzfs-dkms) [installé] archzfs/spl-utils-common 0.7.6-2 (archzfs-linux) [installé] archzfs/zfs-dkms 0.7.6-1 (archzfs-dkms) [installé] archzfs/zfs-utils-common 0.7.6-2 (archzfs-linux) [installé] * config and/or log files etc. Steps to reproduce: server side: $ mkdir testdacl $ setfacl -R -dm u::rwx,g::rwx,o::--- testdacl/ $ setfacl -R -m u::rwx,g::rwx,o::--- testdacl/ $ getfacl testdacl/ # file: testdacl/ # owner: richard # group: users user::rwx group::rwx other::--- default:user::rwx default:group::rwx default:other::--- client side: $ mount |grep richard smicro.local:/home/richard on /home/richard type nfs4 (rw,nosuid,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.29,local_lock=none,addr=192.168.0.1) $ getfacl testdacl/ # file: testdacl/ # owner: richard # group: users user::rwx group::rwx other::--- $ touch testdacl/foo $ getfacl testdacl/foo # file: testdacl/foo # owner: richard # group: users user::rw- group::r-- other::--- The default ACL is missing. On our production shares, this wreaks havoc as on our production shares, group rwx mode is lost preventing users from being able to update files from other users in the group. |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Wednesday, 07 March 2018, 20:38 GMT
Reason for closing: Not a bug
Additional comments about closing: zfs is not in our repos, and aarch64 is not a supported architecture which means this bug should be filed at the "Arch Linux ARM" distribution, not the "Arch Linux" distribution.
Wednesday, 07 March 2018, 20:38 GMT
Reason for closing: Not a bug
Additional comments about closing: zfs is not in our repos, and aarch64 is not a supported architecture which means this bug should be filed at the "Arch Linux ARM" distribution, not the "Arch Linux" distribution.
$ mount |grep richard
smicro.local:/export/home/richard on /home/richard type nfs (rw,nosuid,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.0.1,mountvers=3,mountport=20048,mountproto=udp,local_lock=none,addr=192.168.0.1)
$ getfacl testdacl/
# file: testdacl/
# owner: richard
# group: users
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---
$ touch testdacl/bar
$ getfacl testdacl/*
# file: testdacl/bar
# owner: richard
# group: users
user::rw-
group::rw-
other::---
# file: testdacl/foo
# owner: richard
# group: users
user::rw-
group::r--
other::---
$ nfs4_getfacl testdacl
A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rwaDxtcy
A:fdi:EVERYONE@:tcy
$ nfs4_getfacl testdacl/foo
A::OWNER@:rwatTcCy
A::GROUP@:rtcy
A::EVERYONE@:tcy
$ nfs4_getfacl testdacl/bar
A::OWNER@:rwatTcCy
A::GROUP@:rwatcy
A::EVERYONE@:tcy
Good news is that the default permissions are indeed there...