[gpfsug-discuss] replicating ACLs across GPFS's?

Bryan Banister bbanister at jumptrading.com
Wed Sep 26 18:50:00 BST 2018


I was thinking the same thing Simon.

Johnathan, if you're interested in working together on this RFE, then I'm happy to help!  Just hit me up off list.

Thanks for your response!
-Bryan

-----Original Message-----
From: gpfsug-discuss-bounces at spectrumscale.org <gpfsug-discuss-bounces at spectrumscale.org> On Behalf Of Simon Thompson
Sent: Wednesday, September 26, 2018 12:40 PM
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] replicating ACLs across GPFS's?

[EXTERNAL EMAIL]

Don't forget we have the upcoming pitch you RFE online meeting.

RFEs have not been flooding in and registrations for the pitch meeting are rather thin on the ground...

Simon
________________________________________
From: gpfsug-discuss-bounces at spectrumscale.org [gpfsug-discuss-bounces at spectrumscale.org] on behalf of Jonathan Buzzard [jonathan.buzzard at strath.ac.uk]
Sent: 26 September 2018 18:13
To: gpfsug main discussion list
Subject: Re: [gpfsug-discuss] replicating ACLs across GPFS's?

On Tue, 2018-09-25 at 17:22 +0000, Bryan Banister wrote:
> Thanks Simon,
>
> I tried out the older patched version of rsync to see if that would
> work, but still not able to preserve ACLs from an non-GPFS source.
> There was another thread about this on the user group some time ago as
> well (2013!), but doesn’t look like any real solution was found (Copy
> ACLs from outside sources).
>
> I’ve also tried tar | tar, but not luck with that either.
>
> GPFS doesn’t support the nfs4_getacl, nfs4_setfacl, nfs4_editfacl
> suite of commands, but maybe that coulnfs4_acl_for_path.d be added??
>

Well no they work completely differently. However I did write about this last month. You can do this by modifying just nfs4_acl_for_path.c and nfs4_set_acl.c so they read/write the GPFS ACL struct and convert between the GPFS representation and the internal data structure used by the nfs4-acl-tools to hold NFSv4 ACL's. I have it working for nfs4_getacl. Though this in of itself gets nothing over mmgetacl, other than proving the concept valid. I don't have a test GPFS cluster these days so I need to tread very lightly.

However I had some questions that I was hoping someone from IBM might answer but didn't and have been busy since. Namely

 1. What's the purpose of a special flag to indicate that it is smbd
    setting the ACL? Does this tie in with the undocumented "mmchfs -k
    samba" feature?

 2. There is a whole bunch of stuff in the documentation about v4.1
    ACL's. How does one trigger that. All I seem to be able to do is
    get POSIX and v4 ACL's. Do you get v4.1 ACL's if you set the file
    system to "Samba" ACL's?

> I could maybe hack something up that would basically crawl the
> “outside source” namespace, using the nfs4_getacl operation get the
> NFSv4 ACLs, parse that output, then attempt to use GPFS `mmputacl` to
> store the ACL again.  This seems like a horrible way to go, likely
> prone to mistakes, tough to validate, nightmare to maintain.
>

I have said it before and will say it again,  mmputacl is an abomination that needs to be put down with extreme prejudice.

I still think that longer term it would be better to modify FreeBSD's setfacl/getfacl (say renamed to mmsetfacl and mmgetfacl) to do the job, on the basis that they handle both POSIX and NFSv4 ACL's in a single command. Though strictly speaking you only need an mmsetfacl.

Perhaps a RFE?

JAB.

--
Jonathan A. Buzzard                         Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG


_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fmailman%2Flistinfo%2Fgpfsug-discuss&data=02%7C01%7Cbbanister%40jumptrading.com%7C79b6b05f19774e69f7c508d623d72bd8%7C11f2af738873424085a3063ce66fc61c%7C1%7C0%7C636735804397065948&sdata=UXl8e7i4Lw9aT023MqI5ys3hG3t8Trk1rMaq1toluxM%3D&reserved=0
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fmailman%2Flistinfo%2Fgpfsug-discuss&data=02%7C01%7Cbbanister%40jumptrading.com%7C79b6b05f19774e69f7c508d623d72bd8%7C11f2af738873424085a3063ce66fc61c%7C1%7C0%7C636735804397065948&sdata=UXl8e7i4Lw9aT023MqI5ys3hG3t8Trk1rMaq1toluxM%3D&reserved=0

________________________________

Note: This email is for the confidential use of the named addressee(s) only and may contain proprietary, confidential, or privileged information and/or personal data. If you are not the intended recipient, you are hereby notified that any review, dissemination, or copying of this email is strictly prohibited, and requested to notify the sender immediately and destroy this email and any attachments. Email transmission cannot be guaranteed to be secure or error-free. The Company, therefore, does not make any guarantees as to the completeness or accuracy of this email or any attachments. This email is for informational purposes only and does not constitute a recommendation, offer, request, or solicitation of any kind to buy, sell, subscribe, redeem, or perform any type of transaction of a financial product. Personal data, as defined by applicable data privacy laws, contained in this email may be processed by the Company, and any of its affiliated or related companies, for potential ongoing compliance and/or business-related purposes. You may have rights regarding your personal data; for information on exercising these rights or the Company’s treatment of personal data, please email datarequests at jumptrading.com.


More information about the gpfsug-discuss mailing list