nfsv4 ACLs?

Jason Tan jtan163 at gmail.com
Fri Oct 4 14:11:09 CST 2013


Hi Folks,


I have a NFSv4 ACL problem.

Basically I have a directory and I would like all directories and files
under it, to inherit read and write and delete privileges (basically rwx in
standard unix perms) for two groups tau and apache.

So the NFS mount point is a dir called tauweb.
That has a child dir d1, which in turn as a child dir d2.

Below is the ACLs for tauwweb.

Below those are the ACLs that the default ACLs I've applied to tauweb
generate.

The problem is tauweb has an ACL:
 A:g:tau at ersa.edu.au:rwaDxtcy which includes the D (delete )flag.

So it is possible to delete d1

However the ACL that is to be inherited  A:fdig:tau at ersa.edu.au:rwaDxtcy

actually gets inhertd like this:
A:g:tau at ersa.edu.au:rxtcy

Note the D perm is missing, so it is not possible to delete tauweb/d1/d2.

Does anyone know why?
Or how I can get the  D flag to propagate to children, grandchildren etc.

See below for the ACLs in question.

Thanks in advance
Jason


[root at tau www]# nfs4_getfacl tauweb/
A::OWNER@:rwaDxtTcCy
A::apache at ersa.edu.au:rwaDxtcy
A::GROUP@:rwaDxtcy
A:g:tau at ersa.edu.au:rwaDxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:apache at ersa.edu.au:rwaDxtcy
A:fdi:GROUP@:rwaDxtcy
A:fdig:tau at ersa.edu.au:rwaDxtcy
A:fdi:EVERYONE@:rxtcy


[root at tau www]# nfs4_getfacl tauweb/d1/
A::OWNER@:rwaDxtTcCy
A::apache at ersa.edu.au:rxtcy
A::GROUP@:rxtcy
A:g:tau at ersa.edu.au:rxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:apache at ersa.edu.au:rwaDxtcy
A:fdi:GROUP@:rwaDxtcy
A:fdig:tau at ersa.edu.au:rwaDxtcy
A:fdi:EVERYONE@:rxtcy

[root at tau www]# nfs4_getfacl tauweb/d1/d2/
A::OWNER@:rwaDxtTcCy
A::apache at ersa.edu.au:rxtcy
A::GROUP@:rxtcy
A:g:tau at ersa.edu.au:rxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:apache at ersa.edu.au:rwaDxtcy
A:fdi:GROUP@:rwaDxtcy
A:fdig:tau at ersa.edu.au:rwaDxtcy
A:fdi:EVERYONE@:rxtcy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.linuxsa.org.au/pipermail/linuxsa/attachments/20131004/fa406130/attachment.html 


More information about the linuxsa mailing list