-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Files created by ZoL have an empty NFSv4 ACL #6391
Comments
Do you have ACL's enabled on the dataset? from man zfs(8):
|
According to zfs(8), only POSIX ACL is currently supported by ZoL, and it is completely separated from the NFSv4 ACL in ZFS internally.
|
Yes, sorry it appears I was mistaken. I did some looking around and it looks like this works under nfs v3 but nfs v4 does things differently. |
#4966 |
Are you even using NFS in the problem you reported? Also, the filesystem on Linux don't need to explicit support nfs4 acl, because the nfs kernel server will translate it from posixacl. So if you enable posixacl on the filesystem it should be fine. |
I'm not talking about NFS, but the NFSv4 ACL that is supported by the ZFS internally. |
I see what you mean. While it's possible to implement it, there are certain things to consider. For example, the NFS server on Linux export ACL by translating POSIX ACL, which means we'll have to translate NFS4 ACL to POSIX ACL first. But since the translation is not possible to be perfect. It might create problems. |
In fact, I don't use neither POSIX ACL and NFSv4 ACL, but missing ACL make files inaccessible from some other platforms, so before NFSv4 ACL for ZoL is fully implemented just translate file permission mode to NFSv4 ACL should be enough to resolve this problem. |
This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions. |
This issue shouldn't be closed because it is yet to be fixed. |
This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions. |
This issue appears be fixed now; files created using OpenZFS 2.0.4 now have the proper default ACL entries that worked correctly under Solaris:
I guess it was fixed by implementing NFSv4 ACL support for FreeBSD. |
System information
Describe the problem you're observing
I known that the NFSv4 ACL for ZoL in currently unimplemented due to the leak of user land tools for Linux, but files on ZFS having empty ACL cases problem when interact with other platforms that support NFSv4 ACL for ZFS.
Describe how to reproduce the problem
Put a file on a pool, and export this pool on Linux
Import the pool on a Solaris OS (the pool is created with an version that both OpenZFS and Solaris supports)
Looking the file by an non-root user
Looks like I have the reading permission to this file, but...
Because the file have empty ACL
Create a default ACL from permissions mode for this file by using chmod command will fix this
I think ZoL should add a module parameter or a property to turn on a behavior, that create the NFSv4 ACL from corresponding file mode when chmod(2) or creat(2) files, even this ACL is currently meaningless on Linux.
The text was updated successfully, but these errors were encountered: