On Tue, Nov 8, 2016 at 12:19 AM, Bill Maidment <[log in to unmask]> wrote:
> Hi again
> My research has revealed that nfs in SL 7.2 is translating the POSIX ACL to NFSv4 ACL (a completely different format).
> vi appears to recognise NFSv4 ACL, but Nautilus, ls and probably other programs, only seem to recognise POSIX ACL.

Ohh. *ouch*. NFSv4 permission management is.... well, it's ugly, for
both NFS and for CIFS.

> So I have the following alternatives:
> 1. Stop nfs translating to NFSv4 ACL
> 2. Change the guest mount to translate NFSv4 ACL back to POSIX ACL
> 3. Change Nautilus, etc to recognise NFSv4 ACL
> 4. Use Samba instead of nfs

Samba is server software. The protocol you're referring to, whether
the upstream is a Samba or Windows server, is CIFS, and the clients
are generally in the somewhat independent toolkit cifs-utils, and CIFS
would mean.... well, a lot of differences, including but not limited
to a *very* chatty protocol with far inferior performance.

> I'm not sure if 1. or 2. are possible and 3. may happen one day. Does anyone know of a practical solution/workaround?
> Cheers
> Bill

If feasible, I'd switch to resetting the default mount behavior to be
NFSv3 based, not NFSv4. NFSv4 has a stack of potentially useful
features, such as using Kerberos credentials instead of simply system
uid for access control. In fact, I wonder if that's part of the issue?
Do you have some Kerberized credentials in play here?


> -----Original message-----
>> From:Bill Maidment <[log in to unmask]>
>> Sent: Sunday 6th November 2016 19:56
>> To: Karel Lang AFD <[log in to unmask]>; [log in to unmask]
>> Subject: RE: ACL Problem in SL7.2
>>
>> Thanks for the response Karel.
>> umask is the standard 0022 and this is a top level directory on the host machine.
>> I am using SL 6.8 to access the directory via nfs share.
>> It looks like there is no problem if the file is created with vi
>> But if I use Nautilus then that's when I get the issue.
>> So Nautilus on SL 6.8 seems to be the culprit (or is it caused by nfs?)
>> Cheers
>> Bill
>>
>> -----Original message-----
>> > From:Karel Lang AFD <[log in to unmask]>
>> > Sent: Sunday 6th November 2016 16:16
>> > To: Bill Maidment <[log in to unmask]>; [log in to unmask]
>> > Subject: Re: ACL Problem in SL7.2
>> >
>> > Hi Bill
>> > just pasted your work here to CLI and works OK on SL 6.7 and SL 7.2 here...
>> > It has to be something else .. umask? or inherited from directory higher up?
>> > Maybe strace would help to see whats happening exactly?
>> >
>> > cheers
>> >
>> > On 11/06/2016 03:58 AM, Bill Maidment wrote:
>> > > Hi
>> > > I am trying to set up ACL on a directory such that any new file created in the directory has permissions of 0660.
>> > > However, when I create a new file, the permissions are set as 0664 (see test.txt file below)
>> > > Is this a bug or am I doing something wrong?
>> > >
>> > > These are the commands I used:
>> > >
>> > > chmod -R u+rwX,g+rwXs,o-rwx /pictures
>> > >
>> > > setfacl -d -m u::rwx,g::rwx,o::--- /pictures
>> > >
>> > > getfacl /pictures
>> > > getfacl: Removing leading '/' from absolute path names
>> > > # file: pictures
>> > > # owner: nfs01
>> > > # group: nfs01
>> > > # flags: -s-
>> > > user::rwx
>> > > group::rwx
>> > > other::---
>> > > default:user::rwx
>> > > default:group::rwx
>> > > default:other::---
>> > >
>> > > ls -latrh /pictures
>> > > total 4.0K
>> > > dr-xr-xr-x. 22 root  root  4.0K Nov  6 12:41 ..
>> > > drwxrws---+  2 nfs01 nfs01   21 Nov  6 13:10 Testing
>> > > -rw-rw-r--   1 nfs01 nfs01    0 Nov  6 13:44 test.txt
>> > > drwxrws---+  3 nfs01 nfs01   35 Nov  6 13:44 .
>> > >
>> > > Cheers
>> > > Bill Maidment
>> > >
>> >
>> >
>>
>>