[gpfsug-discuss] DACLs and nfs4-acl-tools
Jonathan Buzzard
jonathan.buzzard at strath.ac.uk
Mon Feb 26 23:15:34 GMT 2024
On 26/02/2024 22:21, Jonathan Buzzard wrote:
> CAUTION: This email originated outside the University. Check before
> clicking links or attachments.
>
> On 26/02/2024 18:16, Jan-Frode Myklebust wrote:
>
>> It’s not just the nfs4_setfacl tool. Also cp and rsync will fail to cooy
>> such ACLs.
>>
>> I have an RFE for this :
>>
>> https://ideas.ibm.com/ideas/GPFS-I-986
>> <https://ideas.ibm.com/ideas/GPFS-I-986>
>>
>>
>
> At this point in time requests for being able to recursively set NFSv4
> ACL's on GPFS are over 12 years old. At least that would be about the
> time frame for requests for the feature made by myself.
>
> Unfortunately I think the chances of IBM doing anything about it is
> somewhere around ħ
>
> Shame really as it would not be particularly hard to do. I have an old
> proof of concept that uses the FreeBSD tool (mainly of licensing
> reasons). Basically it transforms the GPFS ACL to the storage format
> used by the FreeBSD tool. Just needs refactoring to use the GPFS ACL
> storage format throughout. Probably about a weeks developer effort.
>
> There are some poorly publicly documented features of the GPFS ACL
> format that make me reluctant to release my code in case it chews
> someone's filesystem.
>
Looks like IBM might have actually delivered it as a feature
https://ibm-sys-storage.ideas.ibm.com/ideas/GPFS-I-695
In summary
The version of chmod linked below fully supports the manipulation of
NFSv4 ACLs. This is the version that Isilon OneFS uses and it's
fantastic. I can add/remove Active Directory users and groups, modify
permissions, add ACL control flags, etc., all without ever touching a
Windows computer.
https://www.freebsd.org/cgi/man.cgi?query=chmod&apropos=0&sektion=0&manpath=Darwin+8.0.1%2Fppc&format=html
Can this work on GPFS?
It is marked as delivered in Scale 5.1.7 in September of last year.
Though I have not the foggiest how you use it and can't find any mention
in the command reference for 5.1.9
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
More information about the gpfsug-discuss
mailing list