<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >Hi Ilan,</div>
<div dir="ltr" > </div>
<div dir="ltr" >1. Your command might work from the server side; you said you tried it from the client side. Could you find anything in the docs about this? I could not.</div>
<div dir="ltr" > </div>
<div dir="ltr" >2. I can share this NFSv4-themed wrapper around mmputacl if it would be useful to you. You would have to run it from the GPFS side, not the NFS client side.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Regards,</div>
<div dir="ltr" > </div>
<div dir="ltr" >Jamie</div>
<div dir="ltr" > </div>
<div dir="ltr" ><div># ./updateNFSv4ACL -h<br>Update the NFSv4 ACL governing a file's access permissions.<br> Appends to the existing ACL, overwriting conflicting permissions.</div>
<div>Usage: ./updateNFSv4ACL -file /path/to/file { ADD_PERM_SPEC | DEL_PERM_SPEC }+<br> ADD_PERM_SPEC: { -owningUser PERM | -owningGroup PERM | -other PERM | -ace nameType:name:PERM:aceType }<br> DEL_PERM_SPEC: { -noACEFor nameType:name }<br> PERM: Specify a string composed of one or more of the following letters in no particular order: <br> r (ead)<br> w (rite)<br> a (ppend) Must agree with write<br> x (execute)<br> d (elete)<br> D (elete child) Dirs only<br> t (read attrs)<br> T (write attrs)<br> c (read ACL)<br> C (write ACL)<br> o (change owner)<br> You can also provide these, but they will have no effect in GPFS:<br> n (read named attrs)<br> N (write named attrs)<br> y (support synchronous I/O)<br> <br> To indicate no permissions, give a -</div>
<div> nameType: 'user' or 'group'.<br> aceType: 'allow' or 'deny'.</div>
<div>Examples: ./updateNFSv4ACL -file /fs1/f -owningUser rtc -owningGroup rwaxdtc -other '-'<br> Assign these permissions to 'owner', 'group', 'other'.<br> ./updateNFSv4ACL -file /fs1/f -ace 'user:pfs001:rtc:allow' -noACEFor 'group:fvt001'<br> Allow user pfs001 read/read attrs/read ACL permission<br> Remove all ACEs (allow and deny) for group fvt001.<br>Notes:<br> Permissions you do not allow are denied by default.<br> See the GPFS docs for some other restrictions.<br> ace is short for Access Control Entry</div></div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: Ilan Schwarts <ilan84@gmail.com><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org><br>Cc:<br>Subject: [gpfsug-discuss] How to use nfs4_getfacl (or set) on GPFS cluster<br>Date: Mon, Aug 7, 2017 9:27 AM<br>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" >Hi all,<br>My setup is 2 nodes GPFS and 1 machine as NFS Client.<br>All machines (3 total) run CentOS 7.2<br><br>The 3rd CentOS machine (not part of the cluster) used as NFS Client.<br><br>I mount the NFS Client machine to one of the nodes: mount -t nfs<br>10.10.158.61:/fs_gpfs01/nfs /mnt/nfs4<br><br>This gives me the following:<br><br>[root@CentOS7286-64 ~]# mount -v | grep gpfs<br>10.10.158.61:/fs_gpfs01/nfs on /mnt/nfs4 type nfs4<br>(rw,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.10.149.188,local_lock=none,addr=10.10.158.61)<br><br>Now, From the Client NFS Machine, I go to the mount directory ("cd<br>/mnt/nfs4") and try to set an acl. Since NFSv4 should be supported, I<br>use nfs4_getfacl:<br>[root@CentOS7286-64 nfs4]# nfs4_getfacl mydir11<br>Operation to request attribute not supported.<br>[root@CentOS7286-64 nfs4]#<br><br>From the NODE machine i see the status:<br>[root@LH20-GPFS1 fs_gpfs01]# mmlsfs fs_gpfs01<br>flag value description<br>------------------- ------------------------ -----------------------------------<br> -f 8192 Minimum fragment size in bytes<br> -i 4096 Inode size in bytes<br> -I 16384 Indirect block size in bytes<br> -m 1 Default number of metadata replicas<br> -M 2 Maximum number of metadata replicas<br> -r 1 Default number of data replicas<br> -R 2 Maximum number of data replicas<br> -j cluster Block allocation type<br> -D nfs4 File locking semantics in effect<br> -k nfs4 ACL semantics in effect<br> -n 32 Estimated number of nodes<br>that will mount file system<br> -B 262144 Block size<br> -Q none Quotas accounting enabled<br> none Quotas enforced<br> none Default quotas enabled<br> --perfileset-quota No Per-fileset quota enforcement<br> --filesetdf No Fileset df enabled?<br> -V 16.00 (4.2.2.0) File system version<br> --create-time Wed Jul 5 12:28:39 2017 File system creation time<br> -z No Is DMAPI enabled?<br> -L 4194304 Logfile size<br> -E Yes Exact mtime mount option<br> -S No Suppress atime mount option<br> -K whenpossible Strict replica allocation option<br> --fastea Yes Fast external attributes enabled?<br> --encryption No Encryption enabled?<br> --inode-limit 171840 Maximum number of inodes<br>in all inode spaces<br> --log-replicas 0 Number of log replicas<br> --is4KAligned Yes is4KAligned?<br> --rapid-repair Yes rapidRepair enabled?<br> --write-cache-threshold 0 HAWC Threshold (max 65536)<br> -P system Disk storage pools in file system<br> -d nynsd1;nynsd2 Disks in file system<br> -A yes Automatic mount option<br> -o none Additional mount options<br> -T /fs_gpfs01 Default mount point<br> --mount-priority 0 Mount priority<br><br><br><br>I saw this thread:<br><a href="https://serverfault.com/questions/655112/nfsv4-acls-on-gpfs/722200" target="_blank" >https://serverfault.com/questions/655112/nfsv4-acls-on-gpfs/722200</a><br><br>Is it still relevant ? Since 2014..<br><br>Thanks !<br>_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank" >http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></font><br> </div></blockquote>
<div dir="ltr" > </div></div><BR>