We have a directory to be shared amongst several users (all from different client hosts but some of them from the same client host) on a local network.
Some users should have read-only access and some should have full read-write access.
What I have done:
I have implemented ACLs on all the content of the shared directory. It works fine on the server.
I set up the share through NFSv4. It works fine.
However, having ACL work on the clients is not straightforward (I did not know that).
The bottleneck:
Now, the users who should be able to write on that folder can only read the files.
Questions:
What is the most reliable way to make ACL (on this simple setting) work for the clients? I found these options.
Is there a more efficient setup to accomplish the same goal without using NFS?
Maybe something like this or this?
Quote:
However, having ACL work on the clients is not straightforward (I did not know that).
What specifically is not straightforward about it? Just provide a link to a web page if you want.
Do any of the user accounts belong to more than 16 user groups? That can cause problems.
Are you using the same NFS version on the clients and server? That can cause problems.
The first link that you provided, to the IBM web site, only lists three file system types that support NFS ACLs. Are you using one of these? I don't know the difference between Linux regular ACLs and NFS ACLs. I don't know if there is a difference. They talk about creating these NFS ACLs by using the normal ACL manipulation utilities. Maybe there is a difference depending on the file system type.
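The question above about accounts in more than 16 groups can be checked from account data. The following is an added example, not part of the reply; it counts the primary group together with the supplementary ones. The function names, the sample accounts and the passwd/group-format input are assumptions; on a real system the input would be the output of `getent passwd` and `getent group`.

```python
from collections import defaultdict

LIMIT = 16  # the group count asked about in the reply above

def groups_per_user(passwd_text, group_text):
    """Return {user: set of GIDs} from passwd(5)- and group(5)-format text."""
    membership = defaultdict(set)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[3].isdigit():
            membership[fields[0]].add(int(fields[3]))  # primary group
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # skip comments and malformed lines
        for user in fields[3].split(","):
            if user.strip():
                membership[user.strip()].add(int(fields[2]))
    return membership

def over_limit(passwd_text, group_text, limit=LIMIT):
    """Sorted (user, group_count) pairs for accounts above the limit."""
    counts = groups_per_user(passwd_text, group_text)
    return sorted((u, len(g)) for u, g in counts.items() if len(g) > limit)

# Constructed sample data: alice is in 19 groups, bob in 2.
SAMPLE_PASSWD = (
    "alice:x:1000:1000::/home/alice:/bin/sh\n"
    "bob:x:1001:1001::/home/bob:/bin/sh\n"
)
SAMPLE_GROUP = (
    "alice:x:1000:\n"
    "bob:x:1001:\n"
    "shared-rw:x:2000:alice,bob\n"
    + "".join(f"proj{i:02d}:x:{3000 + i}:alice\n" for i in range(17))
)

if __name__ == "__main__":
    for user, count in over_limit(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{user}: {count} groups (limit {LIMIT})")
```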
Quote:
What specifically is not straightforward about it? Just provide a link to a web page if you want.
I meant that it does not work out of the box (by adding -o acl to the mount), but still is probably doable. I just have to choose the best method. Maybe the utility on the link?
Quote:
Do any of the user accounts belong to more than 16 user groups?
No.
Quote:
Are you using the same NFS version on the clients and server?
Yes: nfs-utils 1.2.2
Quote:
file system types that support NFS ACLs. Are you using one of these?
The article about NFSv4 ACLs mapping to a POSIX ACL structure is not encouraging. Is there a compelling reason that you want to use this? It seems that the normal POSIX ACLs used in Linux file systems can be made to implement very detailed security models.
I regularly use the usual Linux ACLs at work and it makes my life easier (considering the heterogeneous group that work at my little shop).
This is the first time I have implemented NFSv4, and it comes as a surprise that the mounts on the clients do not support the ACLs present on the server. Maybe I made a mistake? My configs are above.
Therefore, I'm looking for ways to make the ACLs work for the clients' mounts.
Maybe a reason for this post not having received much attention could be that most people familiar with the tasks described may consider the problem too trivial to bother?
Maybe I'm overlooking something very simple?
In any case, when I figure it out (or give up), I'll post on this thread again.
Last edited by xri; 02-09-2011 at 10:56 PM.
Reason: typos