[gpfsug-discuss] Adding to an existing GPFS ACL

Wed Mar 27 16:33:07 GMT 2019

I misunderstood you.

Pretty much what we've been doing is maintaining "ACL template" files based on how our filesystem hierarchy is set up.  Basically, fileset foo has a foo.acl file that contains what the ACL is supposed to be.  If we need to change the ACL, we modify that file with the new ACL and then pass it through a simple (and expensive, I'm sure) script.  This wouldn't be necessary if in heritance flowed down on existing files and directories.  If you have CIFS access, you can also use Windows to do this, but it is MUCH slower.

--
Jonathan Fosburgh
Principal Application Systems Analyst
IT Operations Storage Team
The University of Texas MD Anderson Cancer Center
(713) 745-9346
[1553012336789_download]
________________________________
From: gpfsug-discuss-bounces at spectrumscale.org <gpfsug-discuss-bounces at spectrumscale.org> on behalf of Buterbaugh, Kevin L <Kevin.Buterbaugh at Vanderbilt.Edu>
Sent: Wednesday, March 27, 2019 11:19:03 AM
To: gpfsug main discussion list
Subject: [EXT] Re: [gpfsug-discuss] Adding to an existing GPFS ACL

WARNING: This email originated from outside of MD Anderson. Please validate the sender's email address before clicking on links or attachments as they may not be safe.
Hi Jonathan,

Thanks for the response.  I did look at mmeditacl, but unless I’m missing something it’s interactive (kind of like mmedquota is by default).  If I had only a handful of files / directories to modify that would be fine, but in this case there are thousands of ACL’s that need modifying.

Am I missing something?  Thanks…

Kevin

—
Kevin Buterbaugh - Senior System Administrator
Vanderbilt University - Advanced Computing Center for Research and Education
Kevin.Buterbaugh at vanderbilt.edu<mailto:Kevin.Buterbaugh at vanderbilt.edu> - (615)875-9633

On Mar 27, 2019, at 11:02 AM, Fosburgh,Jonathan <jfosburg at mdanderson.org<mailto:jfosburg at mdanderson.org>> wrote:

Try mmeditacl.

--
Jonathan Fosburgh
Principal Application Systems Analyst
IT Operations Storage Team
The University of Texas MD Anderson Cancer Center
(713) 745-9346
[X]
________________________________
From: gpfsug-discuss-bounces at spectrumscale.org<mailto:gpfsug-discuss-bounces at spectrumscale.org> <gpfsug-discuss-bounces at spectrumscale.org<mailto:gpfsug-discuss-bounces at spectrumscale.org>> on behalf of Buterbaugh, Kevin L <Kevin.Buterbaugh at Vanderbilt.Edu<mailto:Kevin.Buterbaugh at Vanderbilt.Edu>>
Sent: Wednesday, March 27, 2019 10:59:17 AM
To: gpfsug main discussion list
Subject: [EXT] [gpfsug-discuss] Adding to an existing GPFS ACL

WARNING: This email originated from outside of MD Anderson. Please validate the sender's email address before clicking on links or attachments as they may not be safe.
Hi All,

First off, I have very limited experience with GPFS ACL’s, so please forgive me if I’m missing something obvious here.  AFAIK, this is the first time we’ve hit something like this…

We have a fileset where all the files / directories have GPFS NFSv4 ACL’s set on them.  However, unlike most of our filesets where the same ACL is applied to every file / directory in the share, this one has different ACL’s on different files / directories.  Now we have the need to add to the existing ACL’s … another group needs access.  Unlike regular Unix / Linux ACL’s where setfacl can be used to just add to an ACL (i.e. setfacl -R g:group_name:rwx), I’m not seeing where GPFS has a similar command … i.e. mmputacl seems to expect the _entire_ new ACL to be supplied via either manual entry or an input file.  That’s obviously problematic in this scenario.

So am I missing something?  Is there an easier solution than writing a script which recurses over the fileset, gets the existing ACL with mmgetacl and outputs that to a file, edits that file to add in the new group, and passes that as input to mmputacl?  That seems very cumbersome and error prone, especially if I’m the one writing the script!

Thanks…

Kevin
—
Kevin Buterbaugh - Senior System Administrator
Vanderbilt University - Advanced Computing Center for Research and Education
Kevin.Buterbaugh at vanderbilt.edu<mailto:Kevin.Buterbaugh at vanderbilt.edu> - (615)875-9633

The information contained in this e-mail message may be privileged, confidential, and/or protected from disclosure. This e-mail message may contain protected health information (PHI); dissemination of PHI should comply with applicable federal and state laws. If you are not the intended recipient, or an authorized representative of the intended recipient, any further review, disclosure, use, dissemination, distribution, or copying of this message or any attachment (or the information contained therein) is strictly prohibited. If you think that you have received this e-mail message in error, please notify the sender by return e-mail and delete all references to it and its contents from your systems.
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org<http://spectrumscale.org/>
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fmailman%2Flistinfo%2Fgpfsug-discuss&data=02%7C01%7CKevin.Buterbaugh%40vanderbilt.edu%7Cb2040f23087c4aac0b4908d6b2cf11ed%7Cba5a7f39e3be4ab3b45067fa80faecad%7C0%7C1%7C636892999763011551&sdata=pXhLlRfQuJ4bKfib4bQBlWY4OP5WoZh1YQ%2Bjne2ycEY%3D&reserved=0

The information contained in this e-mail message may be privileged, confidential, and/or protected from disclosure. This e-mail message may contain protected health information (PHI); dissemination of PHI should comply with applicable federal and state laws. If you are not the intended recipient, or an authorized representative of the intended recipient, any further review, disclosure, use, dissemination, distribution, or copying of this message or any attachment (or the information contained therein) is strictly prohibited. If you think that you have received this e-mail message in error, please notify the sender by return e-mail and delete all references to it and its contents from your systems.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20190327/489acb4d/attachment-0002.htm>