[gpfsug-discuss] Adding to an existing GPFS ACL
Christopher Black
cblack at nygenome.org
Wed Mar 27 16:07:04 GMT 2019
I don’t have a solution, just similar experience with mmputacl vs setfacl.
IMO, needing to dump and reapply full ACLs rather than just specifying what is to be added is one of a few reasons mmputacl is inferior to setfacl. We do all our extended ACL manipulation with setfacl from a gpfs native client and keep filesystem acl sematics set to -k all rather than -k nfs4. I’d see if you can use setfacl or nfs4_setfacl. This might not work for your use case.
Best,
Chris
From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of "Buterbaugh, Kevin L" <Kevin.Buterbaugh at Vanderbilt.Edu>
Reply-To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: Wednesday, March 27, 2019 at 11:59 AM
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: [gpfsug-discuss] Adding to an existing GPFS ACL
Hi All,
First off, I have very limited experience with GPFS ACL’s, so please forgive me if I’m missing something obvious here. AFAIK, this is the first time we’ve hit something like this…
We have a fileset where all the files / directories have GPFS NFSv4 ACL’s set on them. However, unlike most of our filesets where the same ACL is applied to every file / directory in the share, this one has different ACL’s on different files / directories. Now we have the need to add to the existing ACL’s … another group needs access. Unlike regular Unix / Linux ACL’s where setfacl can be used to just add to an ACL (i.e. setfacl -R g:group_name:rwx), I’m not seeing where GPFS has a similar command … i.e. mmputacl seems to expect the _entire_ new ACL to be supplied via either manual entry or an input file. That’s obviously problematic in this scenario.
So am I missing something? Is there an easier solution than writing a script which recurses over the fileset, gets the existing ACL with mmgetacl and outputs that to a file, edits that file to add in the new group, and passes that as input to mmputacl? That seems very cumbersome and error prone, especially if I’m the one writing the script!
Thanks…
Kevin
—
Kevin Buterbaugh - Senior System Administrator
Vanderbilt University - Advanced Computing Center for Research and Education
Kevin.Buterbaugh at vanderbilt.edu<mailto:Kevin.Buterbaugh at vanderbilt.edu> - (615)875-9633
________________________________
This message is for the recipient’s use only, and may contain confidential, privileged or protected information. Any unauthorized use or dissemination of this communication is prohibited. If you received this message in error, please immediately notify the sender and destroy all copies of this message. The recipient should check this email and any attachments for the presence of viruses, as we accept no liability for any damage caused by any virus transmitted by this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20190327/6ecf867b/attachment-0002.htm>
More information about the gpfsug-discuss
mailing list