Ah, that might be an issue. It’s hard to gets POSIX<->NFS V4 ACL conversion as
best as possible (again, impossible to make it perfect, even for POSIX->NFS V4).
It would be good to fix all these conversion issues (without copying code from
the kernel – note the license differences…)
Frank
From: Sagar M D [mailto:sagar...@gmail.com]
Sent: Wednesday, February 21, 2018 10:12 PM
To: Sriram Patil <srir...@vmware.com>
Cc: Frank Filz <ffilz...@mindspring.com>; Supriti Singh
<supriti.si...@suse.com>; nfs-ganesha-devel@lists.sourceforge.net
Subject: Re: [Nfs-ganesha-devel] ACL support
Hi,
Kernel nfs reorders the ACE in ACL and i think it puts more restrictive ACEs
first in the list. But i see NFS Ganesha is not doing it,is reordering the
responsibility of FSAL ?
Is there any plans to support reordering ?
Thanks,
Sagar.
On Mon, Feb 19, 2018 at 11:43 AM, Sagar M D <sagar...@gmail.com
<mailto:sagar...@gmail.com> > wrote:
Sriram,
Setting ATTR_ACL in supported_attrs helped. Now I could able to get the V4
ACLs. Thanks!.
Frank,
Currently we are doing what you are suggesting i.e we are persistently saving
the in-memory representation of ganesha NFSV4 ACL on disk.
And I'm not sure whether we are ready to check in our fsal into ganesha yet. We
will discuss this internally.
Thanks!
On Fri, Feb 16, 2018 at 9:21 PM, Sriram Patil <srir...@vmware.com
<mailto:srir...@vmware.com> > wrote:
Thank you for the correction, Frank.
Sagar, there are a couple of more things that you have not mentioned yet,
1. Have you set ATTR_ACL in supported_attrs field of your FSALs static
fsinfo? (check usage of function nfs4_Fattr_Supported to know why this is
required)
2. You may also want to take a look at ENABLE_RFC_ACL flag. This is not
for enabling ACLs but it is used for access checks in fsal_check_access_acl.
- Sriram
From: Frank Filz <ffilz...@mindspring.com <mailto:ffilz...@mindspring.com> >
Date: Friday, February 16, 2018 at 8:19 PM
To: Sriram Patil <srir...@vmware.com <mailto:srir...@vmware.com> >, 'Sagar M D'
<sagar...@gmail.com <mailto:sagar...@gmail.com> >, 'Supriti Singh'
<supriti.si...@suse.com>
Cc: "nfs-ganesha-devel@lists.sourceforge.net
<mailto:nfs-ganesha-devel@lists.sourceforge.net> "
<nfs-ganesha-devel@lists.sourceforge.net
<mailto:nfs-ganesha-devel@lists.sourceforge.net> >
Subject: RE: [Nfs-ganesha-devel] ACL support
It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but that’s
another detail.
Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for POSIX
ACLs. At this point Ganesha has the following support for ACLs:
FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side
POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so it
is available to more FSALs (and we will hook it up for FSAL_VFS at that point).
Note that the conversion is not perfect due to NFS v4 ACLs not actually being a
superset of POSIX ACLs.
FSAL_GPFS has native support for NFS v4 ACLs.
At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL API. If
your file system can support NFS v4 ACLs natively, then all you need to do is
provide a mechanism to transfer between Ganesha’s in memory representation of
an NFS v4 ACL and your on-disk representation. If your file system can only
support POSIX ACLs, then you will need the translation code from FSAL_GLUSTER
(or write your own).
I’d also like to add my usual plug, if you have an out of tree FSAL, we
encourage you to submit your FSAL into the tree. That allows us a better
understanding of how Ganesha is being used, and we are less likely to change
APIs in a way that breaks your FSAL (or we will change your FSAL with the API
change).
Frank
From: Sriram Patil [mailto:srir...@vmware.com <mailto:srir...@vmware.com> ]
Sent: Friday, February 16, 2018 2:51 AM
To: Sagar M D <sagar...@gmail.com <mailto:sagar...@gmail.com> >; Supriti Singh
<supriti.si...@suse.com <mailto:supriti.si...@suse.com> >
Cc: nfs-ganesha-devel@lists.sourceforge.net
<mailto:nfs-ganesha-devel@lists.sourceforge.net>
Subject: Re: [Nfs-ganesha-devel] ACL support
Hi Sagar,
I see in your conf file that you are using NFSv4. POSIX acls do not work on
NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need
to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find
these commands in nfs4-acl-tools package.
- Sriram
From: Sagar M D <sagar...@gmail.com <mailto:sagar...@gmail.com> >
Date: Friday, February 16, 2018 at 3:20 PM
To: Supriti Singh <supriti.si...@suse.com <mailto:supriti.si...@suse.com> >
Cc: "nfs-ganesha-devel@lists.sourceforge.net
<mailto:nfs-ganesha-devel@lists.sourceforge.net> "
<nfs-ganesha-devel@lists.sourceforge.net>
Subject: Re: [Nfs-ganesha-devel] ACL support
I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs
fsal also. Any suggestion here please ?
Operation to request attribute not supported.
Failed to instantiate ACL.
EXPORT
{
Export_Id = 77;
# Exported path (mandatory)
Path = /home;
# Pseudo Path (required for NFS v4)
Pseudo = /home;
# Required for access (default is None)
# Could use CLIENT blocks instead
Access_Type = RW;
Disable_ACL = FALSE;
NFS_Protocols = 4;
Squash = no_root_squash;
# Exporting FSAL
FSAL {
Name = VFS;
}
}
Thanks,
Sagar.
On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D <sagar...@gmail.com
<mailto:sagar...@gmail.com> > wrote:
Supriti,
We are testing our own FSAL.
Thanks,
Sagar.
On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh <supriti.si...@suse.com
<mailto:supriti.si...@suse.com> > wrote:
Hi Sagar,
Which FSAL are you using?
------
Supriti Singh
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
>>> Sagar M D <sagar...@gmail.com <mailto:sagar...@gmail.com> > 02/16/18 9:15
>>> AM >>>
Hi,
We are setting below value in our EXPORT block to enable ACL.
Disable_ACL = FALSE;
However when try to do any ACL operation it throws get below error:-
Operation to request attribute not supported.
Failed to instantiate ACL.
On further analysis, i found that getattr call on our fsal export's root
folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on
pseudo export is returning "0" in aclsupport field.
Is there anything else in fsal to be taken care to enable acls ?
Thanks,
Sagar.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel