<p dir="ltr">Hi, <br>
The command should work from server side i know.. but isnt the scenario of: Root user, that is mounted via nfsv4 to a gpfs filesystem, cannot edit any of the mounted files/dirs acls? <br>
The acls are editable only from server side?<br>
Thanks!</p>
<div class="gmail_quote">On Aug 8, 2017 00:10, "James Davis" <<a href="mailto:jamiedavis@us.ibm.com">jamiedavis@us.ibm.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="m_-1161087538007568645socmaildefaultfont" dir="ltr" style="font-family:Arial,Helvetica,sans-serif;font-size:10.5pt"><div dir="ltr">Hi Ilan,</div>
<div dir="ltr"> </div>
<div dir="ltr">1. Your command might work from the server side; you said you tried it from the client side. Could you find anything in the docs about this? I could not.</div>
<div dir="ltr"> </div>
<div dir="ltr">2. I can share this NFSv4-themed wrapper around mmputacl if it would be useful to you. You would have to run it from the GPFS side, not the NFS client side.</div>
<div dir="ltr"> </div>
<div dir="ltr">Regards,</div>
<div dir="ltr"> </div>
<div dir="ltr">Jamie</div>
<div dir="ltr"> </div>
<div dir="ltr"><div># ./updateNFSv4ACL -h<br>Update the NFSv4 ACL governing a file's access permissions.<br> Appends to the existing ACL, overwriting conflicting permissions.</div>
<div>Usage: ./updateNFSv4ACL -file /path/to/file { ADD_PERM_SPEC | DEL_PERM_SPEC }+<br> ADD_PERM_SPEC: { -owningUser PERM | -owningGroup PERM | -other PERM | -ace nameType:name:PERM:aceType }<br> DEL_PERM_SPEC: { -noACEFor nameType:name }<br> PERM: Specify a string composed of one or more of the following letters in no particular order: <br> r (ead)<br> w (rite)<br> a (ppend) Must agree with write<br> x (execute)<br> d (elete)<br> D (elete child) Dirs only<br> t (read attrs)<br> T (write attrs)<br> c (read ACL)<br> C (write ACL)<br> o (change owner)<br> You can also provide these, but they will have no effect in GPFS:<br> n (read named attrs)<br> N (write named attrs)<br> y (support synchronous I/O)<br> <br> To indicate no permissions, give a -</div>
<div> nameType: 'user' or 'group'.<br> aceType: 'allow' or 'deny'.</div>
<div>Examples: ./updateNFSv4ACL -file /fs1/f -owningUser rtc -owningGroup rwaxdtc -other '-'<br> Assign these permissions to 'owner', 'group', 'other'.<br> ./updateNFSv4ACL -file /fs1/f -ace 'user:pfs001:rtc:allow' -noACEFor 'group:fvt001'<br> Allow user pfs001 read/read attrs/read ACL permission<br> Remove all ACEs (allow and deny) for group fvt001.<br>Notes:<br> Permissions you do not allow are denied by default.<br> See the GPFS docs for some other restrictions.<br> ace is short for Access Control Entry</div></div>
<div dir="ltr"> </div>
<blockquote dir="ltr" style="border-left:solid #aaaaaa 2px;margin-left:5px;padding-left:5px;direction:ltr;margin-right:0px">----- Original message -----<br>From: Ilan Schwarts <<a href="mailto:ilan84@gmail.com" target="_blank">ilan84@gmail.com</a>><br>Sent by: <a href="mailto:gpfsug-discuss-bounces@spectrumscale.org" target="_blank">gpfsug-discuss-bounces@<wbr>spectrumscale.org</a><br>To: gpfsug main discussion list <<a href="mailto:gpfsug-discuss@spectrumscale.org" target="_blank">gpfsug-discuss@spectrumscale.<wbr>org</a>><br>Cc:<br>Subject: [gpfsug-discuss] How to use nfs4_getfacl (or set) on GPFS cluster<br>Date: Mon, Aug 7, 2017 9:27 AM<br>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace">Hi all,<br>My setup is 2 nodes GPFS and 1 machine as NFS Client.<br>All machines (3 total) run CentOS 7.2<br><br>The 3rd CentOS machine (not part of the cluster) used as NFS Client.<br><br>I mount the NFS Client machine to one of the nodes: mount -t nfs<br>10.10.158.61:/fs_gpfs01/nfs /mnt/nfs4<br><br>This gives me the following:<br><br>[root@CentOS7286-64 ~]# mount -v | grep gpfs<br>10.10.158.61:/fs_gpfs01/nfs on /mnt/nfs4 type nfs4<br>(rw,relatime,vers=4.0,rsize=<wbr>524288,wsize=524288,namlen=<wbr>255,hard,proto=tcp,port=0,<wbr>timeo=600,retrans=2,sec=sys,<wbr>clientaddr=10.10.149.188,<wbr>local_lock=none,addr=10.10.<wbr>158.61)<br><br>Now, From the Client NFS Machine, I go to the mount directory ("cd<br>/mnt/nfs4") and try to set an acl. Since NFSv4 should be supported, I<br>use nfs4_getfacl:<br>[root@CentOS7286-64 nfs4]# nfs4_getfacl mydir11<br>Operation to request attribute not supported.<br>[root@CentOS7286-64 nfs4]#<br><br>From the NODE machine i see the status:<br>[root@LH20-GPFS1 fs_gpfs01]# mmlsfs fs_gpfs01<br>flag value description<br>------------------- ------------------------ ------------------------------<wbr>-----<br> -f 8192 Minimum fragment size in bytes<br> -i 4096 Inode size in bytes<br> -I 16384 Indirect block size in bytes<br> -m 1 Default number of metadata replicas<br> -M 2 Maximum number of metadata replicas<br> -r 1 Default number of data replicas<br> -R 2 Maximum number of data replicas<br> -j cluster Block allocation type<br> -D nfs4 File locking semantics in effect<br> -k nfs4 ACL semantics in effect<br> -n 32 Estimated number of nodes<br>that will mount file system<br> -B 262144 Block size<br> -Q none Quotas accounting enabled<br> none Quotas enforced<br> none Default quotas enabled<br> --perfileset-quota No Per-fileset quota enforcement<br> --filesetdf No Fileset df enabled?<br> -V 16.00 (4.2.2.0) File system version<br> --create-time Wed Jul 5 12:28:39 2017 File system creation time<br> -z No Is DMAPI enabled?<br> -L 4194304 Logfile size<br> -E Yes Exact mtime mount option<br> -S No Suppress atime mount option<br> -K whenpossible Strict replica allocation option<br> --fastea Yes Fast external attributes enabled?<br> --encryption No Encryption enabled?<br> --inode-limit 171840 Maximum number of inodes<br>in all inode spaces<br> --log-replicas 0 Number of log replicas<br> --is4KAligned Yes is4KAligned?<br> --rapid-repair Yes rapidRepair enabled?<br> --write-cache-threshold 0 HAWC Threshold (max 65536)<br> -P system Disk storage pools in file system<br> -d nynsd1;nynsd2 Disks in file system<br> -A yes Automatic mount option<br> -o none Additional mount options<br> -T /fs_gpfs01 Default mount point<br> --mount-priority 0 Mount priority<br><br><br><br>I saw this thread:<br><a href="https://serverfault.com/questions/655112/nfsv4-acls-on-gpfs/722200" target="_blank">https://serverfault.com/<wbr>questions/655112/nfsv4-acls-<wbr>on-gpfs/722200</a><br><br>Is it still relevant ? Since 2014..<br><br>Thanks !<br>______________________________<wbr>_________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at <a href="http://spectrumscale.org" target="_blank">spectrumscale.org</a><br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/<wbr>listinfo/gpfsug-discuss</a></font><br> </div></blockquote>
<div dir="ltr"> </div></div><br>
<br>______________________________<wbr>_________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at <a href="http://spectrumscale.org" rel="noreferrer" target="_blank">spectrumscale.org</a><br>
<a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" rel="noreferrer" target="_blank">http://gpfsug.org/mailman/<wbr>listinfo/gpfsug-discuss</a><br>
<br></blockquote></div>