<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
Not bad for having been awake for only half an hour.
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> gpfsug-discuss-bounces@spectrumscale.org <gpfsug-discuss-bounces@spectrumscale.org> on behalf of Mathias Dietz <MDIETZ@de.ibm.com><br>
<b>Sent:</b> Wednesday, May 15, 2019 6:14:40 AM<br>
<b>To:</b> gpfsug main discussion list<br>
<b>Subject:</b> [EXT] Re: [gpfsug-discuss] Enforce ACLs</font>
<div> </div>
</div>
<div>
<p class="MsoNormal" style="line-height: 12.0pt; background: #FFEB9C;"><strong><span style="color: #9c6500;">WARNING:</span></strong><span style="color: black;"> This email originated from outside of MD Anderson. Please validate the sender's email address before
clicking on links or attachments as they may not be safe. </span></p>
<span style=" font-size:10pt;font-family:sans-serif">Jonathan is mostly right, except that the option is not in mmlsconfig but part of the filesystem configuration (mmlsfs,mmchfs)</span><br>
<br>
<span style=" font-size:11pt;font-family:Menlo-Regular"># mmlsfs objfs -k</span><br>
<span style=" font-size:11pt;font-family:Menlo-Regular">flag value description</span><br>
<span style=" font-size:11pt;font-family:Menlo-Regular">------------------- ------------------------ -----------------------------------</span><br>
<span style=" font-size:11pt;font-family:Menlo-Regular"> -k nfs4 ACL semantics in effect</span><br>
<br>
<br>
<br>
<span style=" font-size:10pt;font-family:sans-serif">Mit freundlichen Grüßen / Kind regards<br>
<br>
Mathias Dietz<br>
<br>
Spectrum Scale Development - Release Lead Architect (4.2.x)<br>
Spectrum Scale RAS Architect<br>
---------------------------------------------------------------------------<br>
IBM Deutschland<br>
Am Weiher 24<br>
65451 Kelsterbach<br>
Phone: +49 70342744105<br>
Mobile: +49-15152801035<br>
E-Mail: mdietz@de.ibm.com<br>
-----------------------------------------------------------------------------<br>
IBM Deutschland Research & Development GmbH<br>
Vorsitzender des Aufsichtsrats: Martina Koederitz, Geschäftsführung: Dirk WittkoppSitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294</span><br>
<br>
<br>
<br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From: </span><span style=" font-size:9pt;font-family:sans-serif">"Fosburgh,Jonathan" <jfosburg@mdanderson.org></span><br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To: </span><span style=" font-size:9pt;font-family:sans-serif">"gpfsug-discuss@spectrumscale.org" <gpfsug-discuss@spectrumscale.org></span><br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date: </span><span style=" font-size:9pt;font-family:sans-serif">15/05/2019 12:52</span><br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject: </span><span style=" font-size:9pt;font-family:sans-serif">Re: [gpfsug-discuss] Enforce ACLs</span><br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Sent by: </span><span style=" font-size:9pt;font-family:sans-serif">gpfsug-discuss-bounces@spectrumscale.org</span><br>
<hr noshade="">
<br>
<br>
<br>
<span style=" font-size:12pt">I'm not 100% sure this is that it is, but it is most likely your ACL config. If you have to use the nfsv4 ACLs, check in mmlsconfig to make sure you are only using nfsv4 ACLs. I think the options are posix, nfsv4, and both. I would
guess you are set to both.<br>
<br>
--<br>
Jonathan Fosburgh<br>
Principal Application Systems Analyst<br>
IT Operations Storage Team<br>
The University of Texas MD Anderson Cancer Center<br>
(713) 745-9346<br>
<br>
</span>
<hr>
<br>
<span style=" font-size:11pt;font-family:Calibri"><b>From:</b> gpfsug-discuss-bounces@spectrumscale.org <gpfsug-discuss-bounces@spectrumscale.org> on behalf of Rehs, Philipp Helo <Philipp.Rehs@uni-duesseldorf.de><b><br>
Sent:</b> Wednesday, May 15, 2019 3:48:19 AM<b><br>
To:</b> gpfsug-discuss@spectrumscale.org<b><br>
Subject:</b> [EXT] [gpfsug-discuss] Enforce ACLs</span><span style=" font-size:12pt"></span><br>
<span style=" font-size:12pt"> </span><br>
<span style=" font-size:10pt">Hello,<br>
<br>
we are using GPFS 4.2.3 and at the moment we are looking into acls and<br>
inheritance.<br>
<br>
I have the following acls on a directory:<br>
#NFSv4 ACL<br>
#owner:root<br>
#group:root<br>
special:owner@:rwxc:allow:FileInherit:DirInherit<br>
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE<br>
(X)READ_ACL (X)READ_ATTR (X)READ_NAMED<br>
(-)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH<br>
(X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED<br>
<br>
special:group@:r-x-:allow:FileInherit:DirInherit<br>
(X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE<br>
(X)READ_ACL (X)READ_ATTR (X)READ_NAMED<br>
(-)DELETE (-)DELETE_CHILD (-)CHOWN (X)EXEC/SEARCH (-<br>
)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED<br>
<br>
special:everyone@:----:allow:FileInherit:DirInherit<br>
(-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-<br>
)READ_ACL (-)READ_ATTR (-)READ_NAMED<br>
(-)DELETE (-)DELETE_CHILD (-)CHOWN (-)EXEC/SEARCH (-<br>
)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED<br>
<br>
user:userABC:rwx-:allow:FileInherit:DirInherit<br>
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE<br>
(X)READ_ACL (X)READ_ATTR (X)READ_NAMED<br>
(X)DELETE (X)DELETE_CHILD (-)CHOWN (X)EXEC/SEARCH (-<br>
)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED<br>
<br>
<br>
<br>
Then the user creates a new folder in this directory and it does not<br>
get the same acl but normal unix permissions.<br>
Is there any way to enforce the new permissions from the parent?<br>
<br>
Kind regards<br>
Philipp<br>
<br>
-- <br>
Heinrich-Heine-Universität Düsseldorf<br>
Zentrum für Informations- und Medientechnologie<br>
Kompetenzzentrum für wissenschaftliches Rechnen und Speichern<br>
<br>
Universitätsstraße 1<br>
Gebäude 25.41<br>
Raum 00.51<br>
<br>
Telefon: +49-211-81-15557<br>
Mail: Philipp.Rehs@uni-duesseldorf.de</span><br>
<span style=" font-size:12pt">The information contained in this e-mail message may be privileged, confidential, and/or protected from disclosure. This e-mail message may contain protected health information (PHI); dissemination of PHI should comply with applicable
federal and state laws. If you are not the intended recipient, or an authorized representative of the intended recipient, any further review, disclosure, use, dissemination, distribution, or copying of this message or any attachment (or the information contained
therein) is strictly prohibited. If you think that you have received this e-mail message in error, please notify the sender by return e-mail and delete all references to it and its contents from your systems.</span><tt><span style=" font-size:10pt">_______________________________________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at spectrumscale.org<br>
</span></tt><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss"><tt><span style=" font-size:10pt">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</span></tt></a><tt><span style=" font-size:10pt"><br>
</span></tt><br>
<br>
<br>
</div>
<p class="MsoNormal">The information contained in this e-mail message may be
privileged, confidential, and/or protected from disclosure. This e-mail message
may contain protected health information (PHI); dissemination of PHI should
comply with applicable federal and state laws. If you are not the intended recipient,
or an authorized representative of the intended recipient, any further review,
disclosure, use, dissemination, distribution, or copying of this message or any
attachment (or the information contained therein) is strictly prohibited. If
you think that you have received this e-mail message in error, please notify
the sender by return e-mail and delete all references to it and its contents
from your systems.<o:p></o:p></p></body>
</html>