[gpfsug-discuss] replicating ACLs across GPFS's?

Jez Tucker jtucker at pixitmedia.com
Wed Sep 26 18:43:35 BST 2018 

Hey Carl,

   Are the 4 RFEs I've sent you Q2/18 under this new system or do I need 
to resubmit them?

Jez


On 26/09/18 18:40, Simon Thompson wrote:
> Don't forget we have the upcoming pitch you RFE online meeting.
>
> RFEs have not been flooding in and registrations for the pitch meeting are rather thin on the ground...
>
> Simon
> ________________________________________
> From: gpfsug-discuss-bounces at spectrumscale.org [gpfsug-discuss-bounces at spectrumscale.org] on behalf of Jonathan Buzzard [jonathan.buzzard at strath.ac.uk]
> Sent: 26 September 2018 18:13
> To: gpfsug main discussion list
> Subject: Re: [gpfsug-discuss] replicating ACLs across GPFS's?
>
> On Tue, 2018-09-25 at 17:22 +0000, Bryan Banister wrote:
>> Thanks Simon,
>>
>> I tried out the older patched version of rsync to see if that would
>> work, but still not able to preserve ACLs from an non-GPFS source.
>> There was another thread about this on the user group some time ago
>> as well (2013!), but doesn’t look like any real solution was found
>> (Copy ACLs from outside sources).
>>
>> I’ve also tried tar | tar, but not luck with that either.
>>
>> GPFS doesn’t support the nfs4_getacl, nfs4_setfacl, nfs4_editfacl
>> suite of commands, but maybe that coulnfs4_acl_for_path.d be added??
>>
> Well no they work completely differently. However I did write about
> this last month. You can do this by modifying just nfs4_acl_for_path.c
> and nfs4_set_acl.c so they read/write the GPFS ACL struct and convert
> between the GPFS representation and the internal data structure used by
> the nfs4-acl-tools to hold NFSv4 ACL's. I have it working for
> nfs4_getacl. Though this in of itself gets nothing over mmgetacl, other
> than proving the concept valid. I don't have a test GPFS cluster these
> days so I need to tread very lightly.
>
> However I had some questions that I was hoping someone from IBM might
> answer but didn't and have been busy since. Namely
>
>   1. What's the purpose of a special flag to indicate that it is smbd
>      setting the ACL? Does this tie in with the undocumented "mmchfs -k
>      samba" feature?
>
>   2. There is a whole bunch of stuff in the documentation about v4.1
>      ACL's. How does one trigger that. All I seem to be able to do is
>      get POSIX and v4 ACL's. Do you get v4.1 ACL's if you set the file
>      system to "Samba" ACL's?
>
>> I could maybe hack something up that would basically crawl the
>> “outside source” namespace, using the nfs4_getacl operation get the
>> NFSv4 ACLs, parse that output, then attempt to use GPFS `mmputacl` to
>> store the ACL again.  This seems like a horrible way to go, likely
>> prone to mistakes, tough to validate, nightmare to maintain.
>>
> I have said it before and will say it again,  mmputacl is an
> abomination that needs to be put down with extreme prejudice.
>
> I still think that longer term it would be better to modify FreeBSD's
> setfacl/getfacl (say renamed to mmsetfacl and mmgetfacl) to do the job,
> on the basis that they handle both POSIX and NFSv4 ACL's in a
> single command. Though strictly speaking you only need an mmsetfacl.
>
> Perhaps a RFE?
>
> JAB.
>
> --
> Jonathan A. Buzzard                         Tel: +44141-5483420
> HPC System Administrator, ARCHIE-WeSt.
> University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss

-- 
*Jez Tucker*
Head of Research and Development, Pixit Media
07764193820 | jtucker at pixitmedia.com <mailto:jtucker at pixitmedia.com>
www.pixitmedia.com <http://www.pixitmedia.com> | Tw:@pixitmedia.com 
<https://twitter.com/PixitMedia>

-- 
 <http://pixitmedia.com>
This email is confidential in that it is intended 
for the exclusive attention of the addressee(s) indicated. If you are not 
the intended recipient, this email should not be read or disclosed to any 
other person. Please notify the sender immediately and delete this email 
from your computer system. Any opinions expressed are not necessarily those 
of the company from which this email was sent and, whilst to the best of 
our knowledge no viruses or defects exist, no responsibility can be 
accepted for any loss or damage arising from its receipt or subsequent use 
of this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180926/bfcd43df/attachment-0002.htm>

More information about the gpfsug-discuss mailing list