[gpfsug-discuss] default owner and group for POSIX ACLs
Paul Ward
p.ward at nhm.ac.uk
Wed Oct 16 11:59:03 BST 2019
We are running GPFS 4.2.3 with Arcpix build 3.5.10 or 3.5.12.
We don't have Ganesha in the build. I'm not sure about the NFS service.
Thanks for the responses, its interesting how the discussion has branched into Ganesha and what ACL changes are picked up by Spectrum Protect and mmbackup (my next major change).
Any more responses on what is the best practice for the default POSIX owner and group of files and folders, when NFSv4 ACLs are used for SMB shares?
Kindest regards,
Paul
Paul Ward
TS Infrastructure Architect
Natural History Museum
T: 02079426450
E: p.ward at nhm.ac.uk
-----Original Message-----
From: gpfsug-discuss-bounces at spectrumscale.org <gpfsug-discuss-bounces at spectrumscale.org> On Behalf Of Jonathan Buzzard
Sent: 16 October 2019 10:36
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] default owner and group for POSIX ACLs
On Wed, 2019-10-16 at 08:21 +0000, Malahal R Naineni wrote: >> Ganesha shows functions for converting between GPFS ACL's and the ACL format as used by Ganesha. Ganesha only supports NFSv4 ACLs, so the conversion is a quick one. kernel NFS server converts NFSv4 ACLs to POSIX ACLs (the mapping isn't perfect) as many of the Linux file systems only support POSIX ACLs (at least this was the behavior).
Yes but the point is you don't need POSIX ACL's on your file system if you are doing NFS exports if you use Ganesha as your NFS server and only do NFSv4 exports. It is then down to the client to deal with the ACL's which the Linux client does. In fact it has for as long as I can remember. There are even tools to manipulate the NFSv4 ACL's (see nfs4- acl-tools on RHEL and derivatives).
What's missing is "rich ACL" support in the Linux kernel.
https://l.antigena.com/l/wElAOKB71BMteh5p3MJsrMJ1piEPqSzVv7jGE7WAADAaMiBDMV~~SJdC~qYZEePn7-JksRn9_H6cg21GWyrYE77TnWcAWsMEnF3Nwuug0tRR7ud7GDl9vPM3iafYImA3LyGuQInuXsXilJ6R9e2qmotMPRr~Lsq9CHJ2fsu1dBR1EL622lakpWuKLhjucFNsxUODYLWWFMzVbWj_AigKVAIMEX8Xqs0hGKXpOmjJOTejZDjM8bOCA1-jl06wU3DoT-ad3latFOtGR-oTHHwhAmu792L7Grmas12aetAuhTHnCQ6BBtRLGR_-iVJFYKfdyJNMVsDeKcBEBKKFSZdF~7ozqBouoIAZPE6cOA8KQIeh6mt1~_n
which seems to be down at the moment. Though there has been activity on the user space utilities.
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fandreas-gruenbacher%2Frichacl%2F&data=02%7C01%7Cp.ward%40nhm.ac.uk%7C2c1e0145dadd4d35842508d7521c4b9c%7C73a29c014e78437fa0d4c8553e1960c1%7C1%7C0%7C637068153793755413&sdata=aUmCoKIC1N5TU95ILatCp2IlmdJ1gKKL8y%2F1V3kWb3M%3D&reserved=0
Is it possible to get IBM to devote some resources to moving this along. It would make using GPFS on Linux with ACL's a more pleasant experience.
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fmailman%2Flistinfo%2Fgpfsug-discuss&data=02%7C01%7Cp.ward%40nhm.ac.uk%7C2c1e0145dadd4d35842508d7521c4b9c%7C73a29c014e78437fa0d4c8553e1960c1%7C1%7C0%7C637068153793755413&sdata=ZXLszye50npdSFIu1FuLK3eDbUd%2BV5h29xP1N3XD0jQ%3D&reserved=0
More information about the gpfsug-discuss
mailing list