LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 01-28-2011, 04:20 PM   #1
xri
Member
 
Registered: Aug 2002
Distribution: Slackware 14.2, Archlinux
Posts: 283
Blog Entries: 11

Rep: Reputation: 41
Question NFSv4 and ACL


Problem:
  1. We have a directory to be shared amongst several users (all from different client hosts but some of them from the same client host) on a local network.
  2. Some users should have read-only access and some should have full read-write access.
What I have done:
  1. I have implemented ACLs on all the content of the shared directory. It works fine on the server.
  2. I set up the share through NFSv4. It works fine.
  3. However, having ACL work on the clients is not straightforward (I did not know that).
The bottleneck:
Now, the users who should be able to write on that folder can only read the files.
Questions:
  1. What is the most reliable way to make ACL (on this simple setting) work for the clients? I found these options.
  2. Is there a more efficient setup to accomplish the same goal without using NFS?
    Maybe something like this or this?

Thank you for reading this.
 
Old 01-28-2011, 06:57 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
Quote:
Originally Posted by xri View Post
However, having ACL work on the clients is not straightforward (I did not know that).
What specifically is not straightforward about it? Just provide a link to a web page if you want.

Do any of the user accounts belong to more than 16 user groups? That can cause problems.

Are you using the same NFS version on the clients and server? That can cause problems.

The first link that you provided, to the IBM web site, only lists three file system types that support NFS ACLs. Are you using one of these? I don't know the difference between Linux regular ACLs and NFS ACLs. I don't know if there is a difference. They talk about creating these NFS ACLs by using the normal ACL manipulation utilities. Maybe there is a difference depending on the file system type.
 
Old 01-30-2011, 05:55 PM   #3
xri
Member
 
Registered: Aug 2002
Distribution: Slackware 14.2, Archlinux
Posts: 283

Original Poster
Blog Entries: 11

Rep: Reputation: 41
Quote:
What specifically is not straightforward about it? Just provide a link to a web page if you want.
I meant that it does not work out of the box (by adding -o acl to the mount), but still is probably doable. I just have to choose the best method. Maybe the utility on the link?
Quote:
Do any of the user accounts belong to more than 16 user groups?
No.
Quote:
Are you using the same NFS version on the clients and server?
Yes: nfs-utils 1.2.2
Quote:
file system types that support NFS ACLs. Are you using one of these?
No, just ext3.

Here is /etc/exports
Quote:
/export -fsid=0,rw,no_subtree_check 192.168.2.4 192.168.2.6 192.168.2.7
/export/cons -nohide,rw,sync,no_wdelay,no_subtree_check 192.168.2.4 192.168.2.6 192.168.2.7
Here is the /etc/fstab entry on one of the clients:
Quote:
server:/cons /cons nfs4 auto,users,acl 0 0
 
Old 01-30-2011, 06:30 PM   #4
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
The article about NFSv4 ACLs mapping to a POSIX ACL structure is not encouraging. Is there a compelling reason that you want to use this? It seems that the normal POSIX ACLs used in Linux file systems can be made to implement very detailed security models.
 
Old 02-02-2011, 12:55 PM   #5
xri
Member
 
Registered: Aug 2002
Distribution: Slackware 14.2, Archlinux
Posts: 283

Original Poster
Blog Entries: 11

Rep: Reputation: 41
Smile

Thank you for following up.
  1. I regularly use the usual Linux ACLs at work and it makes my life easier (considering the heterogeneous group that work at my little shop).
  2. This is the first time I implement NFSv4, and it comes as a surprise that the mounts on the clients do not support the ACLs present on the server. Maybe I made a mistake? My configs are above.
  3. Therefore, I'm looking for ways to make the acls work for the clients' mounts.
 
Old 02-09-2011, 11:55 PM   #6
xri
Member
 
Registered: Aug 2002
Distribution: Slackware 14.2, Archlinux
Posts: 283

Original Poster
Blog Entries: 11

Rep: Reputation: 41
Maybe a reason for this post not having received much attention could be that most people familiar with the tasks described may consider the problem too trivial to bother?
Maybe I'm overlooking something very simple?
In any case, when I'll figure it out (or give up), and I'll post on this thread again.

Last edited by xri; 02-09-2011 at 11:56 PM. Reason: typos
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
nfsv4 in RHEL 5 Fernandoch Red Hat 1 07-17-2008 04:31 PM
iptables acl versus cisco acl id_viorel Linux - Security 1 04-09-2008 06:00 AM
NFSv4 replication and migration PhillipHuang Linux - Software 0 04-12-2007 12:07 AM
NFSv4 + autofs technomancer Linux - Networking 1 11-06-2006 12:10 PM
Tweaking NFSv4 Performance fortezza Linux - Newbie 2 08-14-2005 09:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration