<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">I know I am missing something here and it is probably due to lack of experience dealing with ACLs as all other storage we distil down to just posix UGO permissions.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We have Windows native clients creating data. There are SMB clients of various flavors accessing data via CES. Then there are Linux native clients that interface between gpfs and other NFS filers for data movement.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">What I am running into is around inheriting permissions so that windows native and smb clients have access based on the users group membership that remains sane while also being able to migrate files off to nfs filers with reasonable posix
permissions.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here is the top level directory that is the lab name and there is a matching group. That directory is the highest point where an ACL has been set with inheritance. The directory listed is one created from a Windows Native client. The
issue I am running into is that that largec7 directory that was created is having the posix permissions set to nothing for the owner. The ACL that results is okay but when that folder or anything in it is synced off to another filer that only has the basic
posix permission it acts kinda wonky. The user was able to fix up his files on the other filer because he was still the owner but I would like to make it work properly.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[root@gpfs-dm1 smith]# ls -la<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">drwxrwsr-x 84 root smith 16384 Oct 30 23:22 .<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">d---rwsr-x 2 tim smith 4096 Oct 30 23:22 largec7<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">drwx--S--- 2 tim smith 4096 Oct 24 00:17 CFA1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[root@gpfs-dm1 smith]# mmgetacl .<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#NFSv4 ACL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#owner:root<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#group:smith<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">special:owner@:rwxc:allow:FileInherit:DirInherit<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(-)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">special:group@:rwxc:allow:FileInherit:DirInherit<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(-)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">special:everyone@:r-x-:allow:FileInherit:DirInherit<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(-)DELETE (-)DELETE_CHILD (-)CHOWN (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[root@gpfs-dm1 smith]# mmgetacl largec7<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#NFSv4 ACL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#owner:tim<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#group:smith<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#ACL flags:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># DACL_PRESENT<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># DACL_AUTO_INHERITED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># SACL_AUTO_INHERITED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">user:root:rwxc:allow:FileInherit:DirInherit:Inherited<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(-)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">special:group@:rwxc:allow:FileInherit:DirInherit:Inherited<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(-)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">special:everyone@:r-x-:allow:FileInherit:DirInherit:Inherited<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(-)DELETE (-)DELETE_CHILD (-)CHOWN (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In contrast the CFA1 directory was created prior to the file and directory inheritance being put in place. That worked okay as long as it was only that user but the lack of group access is a problem and what led to trying to sort out the
inherited ACLs in the first place.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[root@gpfs-dm1 smith]# ls -l<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">drwx--S--- 2 tim smith 4096 Oct 24 00:17 CFA1<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[root@gpfs-dm1 smith]# mmgetacl CFA1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#NFSv4 ACL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#owner:tim<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#group:smith<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#ACL flags:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># DACL_PRESENT<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># DACL_AUTO_INHERITED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># SACL_AUTO_INHERITED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">special:owner@:rwxc:allow<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">user:15000001:rwxc:allow<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">user:15000306:r-x-:allow<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">(-)DELETE (-)DELETE_CHILD (-)CHOWN (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you for any suggestions.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:black">--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Rob Lines<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Sr. HPC Engineer<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">HHMI Janelia Research Campus<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>