<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10pt" ><div dir="ltr" >>> Ganesha shows functions for converting between GPFS ACL's and the ACL format as used by Ganesha.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Ganesha only supports NFSv4 ACLs, so the conversion is a quick one. kernel NFS server converts NFSv4 ACLs to POSIX ACLs (the mapping isn't perfect) as many of the Linux file systems only support POSIX ACLs (at least this was the behavior).</div>
<div dir="ltr" > </div>
<div dir="ltr" >Regards, Malahal.</div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" data-history-expanded="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: Jonathan Buzzard <jonathan.buzzard@strath.ac.uk><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: "gpfsug-discuss@spectrumscale.org" <gpfsug-discuss@spectrumscale.org><br>Cc:<br>Subject: [EXTERNAL] Re: [gpfsug-discuss] default owner and group for POSIX ACLs<br>Date: Wed, Oct 16, 2019 2:04 AM<br>
<div><font face="Default Monospace,Courier New,Courier,monospace" size="2" >On 15/10/2019 17:15, Paul Ward wrote:<br><br>[SNIP]<br><br>>> ...I am not sure why you need POSIX ACL's if you are running Linux...<br>> From what I have recently read...<br>> <a href="https://www.ibm.com/support/knowledgecenter/en/STXKQY_4.2.0/com.ibm.spectrum.scale.v4r2.adm.doc/bl1adm_admnfsaclg.htm" target="_blank">https://www.ibm.com/support/knowledgecenter/en/STXKQY_4.2.0/com.ibm.spectrum.scale.v4r2.adm.doc/bl1adm_admnfsaclg.htm</a><br>> "Linux does not allow a file system to be NFS V4 exported unless it supports POSIX ACLs."<br>><br><br>Only if you are using the inbuilt kernel NFS server, which IMHO is awful<br>from a management perspective. That is you have zero visibility into<br>what the hell it is doing when it all goes pear shaped unless you break<br>out dtrace. I am not sure that using dtrace on a production service to<br>find out what is going on is "best practice". It also in my experience<br>stops you cleanly shutting down most of the time. The sooner it gets<br>removed from the kernel the better IMHO.<br><br>If you are using protocol nodes which is the only supported option as<br>far as I am aware then that does not apply. I would imagined if you are<br>rolling your own Ganesha NFS server it won't matter either.<br><br>Checking the code of the FSAL in Ganesha shows functions for converting<br>between GPFS ACL's and the ACL format as used by Ganesha. My<br>understanding was one of the drivers for using Ganesha as an NFS server<br>with GPFS was you can write a FSAL to do just that, in the same way as<br>on Samba you load the vfs_gpfs module, unless you are into self<br>flagellation I guess.<br><br><br>JAB.<br><br>--<br>Jonathan A. Buzzard Tel: +44141-5483420<br>HPC System Administrator, ARCHIE-WeSt.<br>University of Strathclyde, John Anderson Building, Glasgow. G4 0NG<br>_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a> </font><br> </div></blockquote>
<div dir="ltr" > </div></div><BR>