[gpfsug-discuss] default owner and group for POSIX ACLs

Jonathan Buzzard jonathan.buzzard at strath.ac.uk
Tue Oct 15 15:30:28 BST 2019


On Tue, 2019-10-15 at 12:34 +0000, Paul Ward wrote:
> We are in the process of changing the way GPFS assigns UID/GIDs from
> internal tdb to using AD RIDs with an offset that matches our linux
> systems. We, therefore, need to change the ACLs for all the files in
> GPFS (up to 80 million).

You do realize that will mean backing everything up again...

> We are running in mixed ACL mode, with some POSIX and some NFSv4 ACLs
> being applied. (This system was set up 14 years ago and has changed
> roles over time) We are running on linux, so need to have POSIX
> permissions enabled.

We run on Linux and only have NFSv4 ACL's applied. I am not sure why
you need POSIX ACL's if you are running Linux. Very very few
applications will actually check ACL's or even for that matter
permissions. They just do an fopen call or similar and the OS either
goes yeah or neah, and the app needs to do something in the case of
neah.

>  
> What I want to know for those in a similar environment, what do you
> have as the POSIX owner and group, when NFSv4 ACLs are in use?
> root:root
>  
> or do you have all files owned by a filesystem administrator account
> and group:
> <ad service account>:<ad fileserver admin group>
>  
> on our samba shares we have :
> admin users = @<ad fileserver admin group>                  
> So don’t actually need the group defined in POSIX.
> 

Samba works much better with NFSv4 ACL's.

JAB.

-- 
Jonathan A. Buzzard                         Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG





More information about the gpfsug-discuss mailing list