Wow. Thanks everyone for your insights and suggestions. After more thinking and tests, it could be that RedHat are closing in on a solution with https://access.redhat.com/solutions/447803 (I'm not a subscriber either).
For me the current situation is not ideal but usable. Adding directories through Nautilus gives the correct permissions inherited down from the top directory, but adding a file adds a gratuitous read on Other. As the share is restricted to a particular group of users, it is no real issue for me. Thanks again everyone. I'll await any further developments from RedHat. Bill -----Original message----- > From:Karel Lang AFD <l...@afd.cz> > Sent: Tuesday 8th November 2016 21:22 > To: Bill Maidment <b...@maidment.me>; SCIENTIFIC-LINUX-USERS@FNAL.GOV > Subject: Re: ACL Problem in SL7.2 > > Hi Bill, > > problem indeed. > Just suggestion/question - the NFS client running on SL 6.x is > configured to use also NFSv4 protocol? Eg. > > mount -t nfs -o vers=4 server:/data /tmp > > btw i think Red Hat been solving something similar here: > > 'NFS client using NFSv4 ACLs loses the correct mask of a newly created > file in subdirectories' > > https://access.redhat.com/solutions/447803 > > unfortunately 'subscriber content' which i'm not, maybe you? :-) > > > On 11/08/2016 06:19 AM, Bill Maidment wrote: > > Hi again > > My research has revealed that nfs in SL 7.2 is translating the POSIX ACL to > > NFSv4 ACL (a completely different format). > > vi appears to recognise NFSv4 ACL, but Nautilus, ls and probably other > > programs, only seem to recognise POSIX ACL. > > > > So I have the following alternatives: > > 1. Stop nfs translating to NFSv4 ACL > > 2. Change the guest mount to translate NFSv4 ACL back to POSIX ACL > > 3. Change Nautilus, etc to recognise NFSv4 ACL > > 4. Use Samba instead of nfs > > > > I'm not sure if 1. or 2. are possible and 3. may happen one day. Does > > anyone know of a practical solution/workaround? > > Cheers > > Bill > > > > -----Original message----- > >> From:Bill Maidment <b...@maidment.me> > >> Sent: Sunday 6th November 2016 19:56 > >> To: Karel Lang AFD <l...@afd.cz>; SCIENTIFIC-LINUX-USERS@FNAL.GOV > >> Subject: RE: ACL Problem in SL7.2 > >> > >> Thanks for the response Karel. > >> umask is the standard 0022 and this is a top level directory on the host > >> machine. > >> I am using SL 6.8 to access the directory via nfs share. > >> It looks like there is no problem if the file is created with vi > >> But if I use Nautilus then that's when I get the issue. > >> So Nautilus on SL 6.8 seems to be the culprit (or is it caused by nfs?) > >> Cheers > >> Bill > >> > >> -----Original message----- > >>> From:Karel Lang AFD <l...@afd.cz> > >>> Sent: Sunday 6th November 2016 16:16 > >>> To: Bill Maidment <b...@maidment.me>; SCIENTIFIC-LINUX-USERS@FNAL.GOV > >>> Subject: Re: ACL Problem in SL7.2 > >>> > >>> Hi Bill > >>> just pasted your work here to CLI and works OK on SL 6.7 and SL 7.2 > >>> here... > >>> It has to be something else .. umask? or inherited from directory higher > >>> up? > >>> Maybe strace would help to see whats happening exactly? > >>> > >>> cheers > >>> > >>> On 11/06/2016 03:58 AM, Bill Maidment wrote: > >>>> Hi > >>>> I am trying to set up ACL on a directory such that any new file created > >>>> in the directory has permissions of 0660. > >>>> However, when I create a new file, the permissions are set as 0664 (see > >>>> test.txt file below) > >>>> Is this a bug or am I doing something wrong? > >>>> > >>>> These are the commands I used: > >>>> > >>>> chmod -R u+rwX,g+rwXs,o-rwx /pictures > >>>> > >>>> setfacl -d -m u::rwx,g::rwx,o::--- /pictures > >>>> > >>>> getfacl /pictures > >>>> getfacl: Removing leading '/' from absolute path names > >>>> # file: pictures > >>>> # owner: nfs01 > >>>> # group: nfs01 > >>>> # flags: -s- > >>>> user::rwx > >>>> group::rwx > >>>> other::--- > >>>> default:user::rwx > >>>> default:group::rwx > >>>> default:other::--- > >>>> > >>>> ls -latrh /pictures > >>>> total 4.0K > >>>> dr-xr-xr-x. 22 root root 4.0K Nov 6 12:41 .. > >>>> drwxrws---+ 2 nfs01 nfs01 21 Nov 6 13:10 Testing > >>>> -rw-rw-r-- 1 nfs01 nfs01 0 Nov 6 13:44 test.txt > >>>> drwxrws---+ 3 nfs01 nfs01 35 Nov 6 13:44 . > >>>> > >>>> Cheers > >>>> Bill Maidment > >>>> > >>> > >>> > >> > >> > > > > -- > *Karel Lang* > *Unix/Linux Administration* > l...@afd.cz | +420 731 13 40 40 > AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz > >