subject:"\[Nfs\-ganesha\-devel\] ACL support"

Re: [Nfs-ganesha-devel] ACL support

2018-02-22 Thread J. Bruce Fields

On Thu, Feb 22, 2018 at 06:18:52AM -0800, Frank Filz wrote:
> Ah, that might be an issue. It’s hard to gets POSIX<->NFS V4 ACL
> conversion as best as possible (again, impossible to make it perfect,
> even for POSIX->NFS V4).

Well, POSIX->NFSv4 should be very close to perfect.  (Name mapping might
be the most likely problem in practice.)

> It would be good to fix all these conversion issues (without copying
> code from the kernel – note the license differences…)

The original ACL mapping code was all written while I was at UM/CITI by
me and a couple students, contributed under a permissive BSD-like
license, as you can see from the license header on fs/nfsd/nfs4acl.c.

So you should verify the license and git history to be sure, but I doubt
licensing would be an obstacle.

git://linux-nfs.org/bfields/acl.git also has patches implementing the
same mapping in libacl, written entirely while I was at citi.  They were
never upstreamed.  I'd recommend taking the kernel code instead as it's
gotten more bugfixes.

https://tools.ietf.org/html/draft-ietf-nfsv4-acl-mapping-05 has the best
documentation of the mapping.

All that aside, I agree with Frank that this is all complicated and
error-prone.  But the richacl patches seem stuck.  The only other
alternative I can think of at this point is to go back to the ietf nfsv4
working group with a proposal to add POSIX-like ACLs to NFSv4.2.

--b.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Re: [Nfs-ganesha-devel] ACL support

2018-02-22 Thread Frank Filz

Ah, that might be an issue. It’s hard to gets POSIX<->NFS V4 ACL conversion as 
best as possible (again, impossible to make it perfect, even for POSIX->NFS V4).

 

It would be good to fix all these conversion issues (without copying code from 
the kernel – note the license differences…)

 

Frank

 

From: Sagar M D [mailto:sagar...@gmail.com] 
Sent: Wednesday, February 21, 2018 10:12 PM
To: Sriram Patil <srir...@vmware.com>
Cc: Frank Filz <ffilz...@mindspring.com>; Supriti Singh 
<supriti.si...@suse.com>; nfs-ganesha-devel@lists.sourceforge.net
Subject: Re: [Nfs-ganesha-devel] ACL support

 

Hi,

 

Kernel nfs reorders the ACE in ACL and i think it puts more restrictive ACEs 
first in the list. But i see NFS Ganesha is not doing it,is reordering the 
responsibility of  FSAL ?

Is there any plans to support reordering ?

 

Thanks,

Sagar.

 

On Mon, Feb 19, 2018 at 11:43 AM, Sagar M D <sagar...@gmail.com 
<mailto:sagar...@gmail.com> > wrote:

Sriram,

 

Setting ATTR_ACL in supported_attrs helped. Now I could able to get the V4 
ACLs. Thanks!.

Frank,

Currently we are doing what you are suggesting i.e we are persistently saving 
the in-memory representation of ganesha NFSV4 ACL on disk.

And I'm not sure whether we are ready to check in our fsal into ganesha yet. We 
will discuss this internally.

Thanks! 

 

On Fri, Feb 16, 2018 at 9:21 PM, Sriram Patil <srir...@vmware.com 
<mailto:srir...@vmware.com> > wrote:

Thank you for the correction, Frank.

 

Sagar, there are a couple of more things that you have not mentioned yet,

 

1.  Have you set ATTR_ACL in supported_attrs field of your FSALs static 
fsinfo? (check usage of function nfs4_Fattr_Supported to know why this is 
required)
2.  You may also want to take a look at ENABLE_RFC_ACL flag. This is not 
for enabling ACLs but it is used for access checks in fsal_check_access_acl.

 

- Sriram

 

From: Frank Filz <ffilz...@mindspring.com <mailto:ffilz...@mindspring.com> >
Date: Friday, February 16, 2018 at 8:19 PM
To: Sriram Patil <srir...@vmware.com <mailto:srir...@vmware.com> >, 'Sagar M D' 
<sagar...@gmail.com <mailto:sagar...@gmail.com> >, 'Supriti Singh' 
<supriti.si...@suse.com>
Cc: "nfs-ganesha-devel@lists.sourceforge.net 
<mailto:nfs-ganesha-devel@lists.sourceforge.net> " 
<nfs-ganesha-devel@lists.sourceforge.net 
<mailto:nfs-ganesha-devel@lists.sourceforge.net> >
Subject: RE: [Nfs-ganesha-devel] ACL support

 

It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but that’s 
another detail.

 

Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for POSIX 
ACLs. At this point Ganesha has the following support for ACLs:

 

FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side 
POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so it 
is available to more FSALs (and we will hook it up for FSAL_VFS at that point). 
Note that the conversion is not perfect due to NFS v4 ACLs not actually being a 
superset of POSIX ACLs.

 

FSAL_GPFS has native support for NFS v4 ACLs.

 

At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL API. If 
your file system can support NFS v4 ACLs natively, then all you need to do is 
provide a mechanism to transfer between Ganesha’s in memory representation of 
an NFS v4 ACL and your on-disk representation. If your file system can only 
support POSIX ACLs, then you will need the translation code from FSAL_GLUSTER 
(or write your own).

 

I’d also like to add my usual plug, if you have an out of tree FSAL, we 
encourage you to submit your FSAL into the tree. That allows us a better 
understanding of how Ganesha is being used, and we are less likely to change 
APIs in a way that breaks your FSAL (or we will change your FSAL with the API 
change).

 

Frank

 

From: Sriram Patil [mailto:srir...@vmware.com <mailto:srir...@vmware.com> ] 
Sent: Friday, February 16, 2018 2:51 AM
To: Sagar M D <sagar...@gmail.com <mailto:sagar...@gmail.com> >; Supriti Singh 
<supriti.si...@suse.com <mailto:supriti.si...@suse.com> >
Cc: nfs-ganesha-devel@lists.sourceforge.net 
<mailto:nfs-ganesha-devel@lists.sourceforge.net> 
Subject: Re: [Nfs-ganesha-devel] ACL support

 

Hi Sagar,

 

I see in your conf file that you are using NFSv4. POSIX acls do not work on 
NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need 
to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find 
these commands in nfs4-acl-tools package.

 

- Sriram

 

From: Sagar M D <sagar...@gmail.com <mailto:sagar...@gmail.com> >
Date: Friday, February 16, 2018 at 3:20 PM
To: Supriti Singh <supriti.si...@suse.com <mailto:supriti.si...@suse.com> >
Cc: "nfs-ganesha-devel@lists.sourceforge.net 
<mailto:nfs-ganesha-devel@lists.sourceforge.net&g

Re: [Nfs-ganesha-devel] ACL support

2018-02-21 Thread Sagar M D

Hi,

Kernel nfs reorders the ACE in ACL and i think it puts more restrictive
ACEs first in the list. But i see NFS Ganesha is not doing it,is reordering
the responsibility of  FSAL ?
Is there any plans to support reordering ?

Thanks,
Sagar.

On Mon, Feb 19, 2018 at 11:43 AM, Sagar M D <sagar...@gmail.com> wrote:

> Sriram,
>
> Setting ATTR_ACL in supported_attrs helped. Now I could able to get the V4
> ACLs. Thanks!.
>
> Frank,
> Currently we are doing what you are suggesting i.e we are persistently
> saving the in-memory representation of ganesha NFSV4 ACL on disk.
> And I'm not sure whether we are ready to check in our fsal into ganesha
> yet. We will discuss this internally.
>
> Thanks!
>
> On Fri, Feb 16, 2018 at 9:21 PM, Sriram Patil <srir...@vmware.com> wrote:
>
>> Thank you for the correction, Frank.
>>
>>
>>
>> Sagar, there are a couple of more things that you have not mentioned yet,
>>
>>
>>
>>1. Have you set ATTR_ACL in supported_attrs field of your FSALs
>>static fsinfo? (check usage of function nfs4_Fattr_Supported to know why
>>this is required)
>>2. You may also want to take a look at ENABLE_RFC_ACL flag. This is
>>not for enabling ACLs but it is used for access checks in
>>fsal_check_access_acl.
>>
>>
>>
>> - Sriram
>>
>>
>>
>> *From: *Frank Filz <ffilz...@mindspring.com>
>> *Date: *Friday, February 16, 2018 at 8:19 PM
>> *To: *Sriram Patil <srir...@vmware.com>, 'Sagar M D' <sagar...@gmail.com>,
>> 'Supriti Singh' <supriti.si...@suse.com>
>> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" <
>> nfs-ganesha-devel@lists.sourceforge.net>
>> *Subject: *RE: [Nfs-ganesha-devel] ACL support
>>
>>
>>
>> It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but
>> that’s another detail.
>>
>>
>>
>> Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for
>> POSIX ACLs. At this point Ganesha has the following support for ACLs:
>>
>>
>>
>> FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server
>> side POSIX ACLs. In V2.7 we plan to move this support to the FSAL common
>> code so it is available to more FSALs (and we will hook it up for FSAL_VFS
>> at that point). Note that the conversion is not perfect due to NFS v4 ACLs
>> not actually being a superset of POSIX ACLs.
>>
>>
>>
>> FSAL_GPFS has native support for NFS v4 ACLs.
>>
>>
>>
>> At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL
>> API. If your file system can support NFS v4 ACLs natively, then all you
>> need to do is provide a mechanism to transfer between Ganesha’s in memory
>> representation of an NFS v4 ACL and your on-disk representation. If your
>> file system can only support POSIX ACLs, then you will need the translation
>> code from FSAL_GLUSTER (or write your own).
>>
>>
>>
>> I’d also like to add my usual plug, if you have an out of tree FSAL, we
>> encourage you to submit your FSAL into the tree. That allows us a better
>> understanding of how Ganesha is being used, and we are less likely to
>> change APIs in a way that breaks your FSAL (or we will change your FSAL
>> with the API change).
>>
>>
>>
>> Frank
>>
>>
>>
>> *From:* Sriram Patil [mailto:srir...@vmware.com]
>> *Sent:* Friday, February 16, 2018 2:51 AM
>> *To:* Sagar M D <sagar...@gmail.com>; Supriti Singh <
>> supriti.si...@suse.com>
>> *Cc:* nfs-ganesha-devel@lists.sourceforge.net
>> *Subject:* Re: [Nfs-ganesha-devel] ACL support
>>
>>
>>
>> Hi Sagar,
>>
>>
>>
>> I see in your conf file that you are using NFSv4. POSIX acls do not work
>> on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you
>> need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can
>> find these commands in nfs4-acl-tools package.
>>
>>
>>
>> - Sriram
>>
>>
>>
>> *From: *Sagar M D <sagar...@gmail.com>
>> *Date: *Friday, February 16, 2018 at 3:20 PM
>> *To: *Supriti Singh <supriti.si...@suse.com>
>> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" <
>> nfs-ganesha-devel@lists.sourceforge.net>
>> *Subject: *Re: [Nfs-ganesha-devel] ACL support
>>
>>
>>
>> I quickly checked on VFS FSAL using below EXPORT block. I see same issue
>> on vfs fsal also. Any suggestion here please ?
>>
>>
>

Re: [Nfs-ganesha-devel] ACL support

2018-02-19 Thread Sagar M D

Sriram,

I was using nfsv4 acl commands only.

[root@BDC sagar]# nfs4_getfacl 1.txt
Operation to request attribute not supported.

[root@BDC sagar]# nfs4_setfacl  -a A::10:rxtncy 1.txt
Operation to request attribute not supported.
Failed to instantiate ACL.

Thanks,
Sagar.


On Fri, Feb 16, 2018 at 4:20 PM, Sriram Patil <srir...@vmware.com> wrote:

> Hi Sagar,
>
>
>
> I see in your conf file that you are using NFSv4. POSIX acls do not work
> on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you
> need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can
> find these commands in nfs4-acl-tools package.
>
>
>
> - Sriram
>
>
>
> *From: *Sagar M D <sagar...@gmail.com>
> *Date: *Friday, February 16, 2018 at 3:20 PM
> *To: *Supriti Singh <supriti.si...@suse.com>
> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" <nfs-ganesha-devel@lists.
> sourceforge.net>
> *Subject: *Re: [Nfs-ganesha-devel] ACL support
>
>
>
> I quickly checked on VFS FSAL using below EXPORT block. I see same issue
> on vfs fsal also. Any suggestion here please ?
>
>
>
> *Operation to request attribute not supported. Failed to instantiate ACL. *
>
> EXPORT
> {
> Export_Id = 77;
>
> # Exported path (mandatory)
> Path = /home;
>
> # Pseudo Path (required for NFS v4)
> Pseudo = /home;
>
> # Required for access (default is None)
> # Could use CLIENT blocks instead
> Access_Type = RW;
> Disable_ACL = FALSE;
> NFS_Protocols = 4;
> Squash = no_root_squash;
>
> # Exporting FSAL
> FSAL {
> Name = VFS;
> }
> }
>
> Thanks,
>
> Sagar.
>
>
>
>
>
> On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D <sagar...@gmail.com> wrote:
>
> Supriti,
>
>
>
> We are testing our own FSAL.
>
> Thanks,
>
> Sagar.
>
>
>
>
>
> On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh <supriti.si...@suse.com>
> wrote:
>
> Hi Sagar,
>
> Which FSAL are you using?
>
>
>
>
>
> --
>
> Supriti Singh
>
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
>
> HRB 21284 (AG Nürnberg)
>
>
> >>> Sagar M D <sagar...@gmail.com> 02/16/18 9:15 AM >>>
>
> Hi,
>
> We are setting below value in our EXPORT block to enable ACL.
> *Disable_ACL = FALSE;*
>
> However when try to do any ACL operation it throws get below error:-
>
> *Operation to request attribute not supported. Failed to instantiate ACL.*
>
> On further analysis, i found that getattr call on our fsal  export's root
> folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call
> on pseudo export is returning "0" in aclsupport field.
>
>
>
>
>
> Is there anything else in fsal to be taken care to enable acls ?
>
>
>
> Thanks,
>
> Sagar.
>
>
>
>
>
>
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Re: [Nfs-ganesha-devel] ACL support

2018-02-19 Thread Sriram Patil

Thank you for the correction, Frank.

Sagar, there are a couple of more things that you have not mentioned yet,

  1.  Have you set ATTR_ACL in supported_attrs field of your FSALs static 
fsinfo? (check usage of function nfs4_Fattr_Supported to know why this is 
required)
  2.  You may also want to take a look at ENABLE_RFC_ACL flag. This is not for 
enabling ACLs but it is used for access checks in fsal_check_access_acl.

- Sriram

From: Frank Filz <ffilz...@mindspring.com>
Date: Friday, February 16, 2018 at 8:19 PM
To: Sriram Patil <srir...@vmware.com>, 'Sagar M D' <sagar...@gmail.com>, 
'Supriti Singh' <supriti.si...@suse.com>
Cc: "nfs-ganesha-devel@lists.sourceforge.net" 
<nfs-ganesha-devel@lists.sourceforge.net>
Subject: RE: [Nfs-ganesha-devel] ACL support

It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but that’s 
another detail.

Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for POSIX 
ACLs. At this point Ganesha has the following support for ACLs:

FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side 
POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so it 
is available to more FSALs (and we will hook it up for FSAL_VFS at that point). 
Note that the conversion is not perfect due to NFS v4 ACLs not actually being a 
superset of POSIX ACLs.

FSAL_GPFS has native support for NFS v4 ACLs.

At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL API. If 
your file system can support NFS v4 ACLs natively, then all you need to do is 
provide a mechanism to transfer between Ganesha’s in memory representation of 
an NFS v4 ACL and your on-disk representation. If your file system can only 
support POSIX ACLs, then you will need the translation code from FSAL_GLUSTER 
(or write your own).

I’d also like to add my usual plug, if you have an out of tree FSAL, we 
encourage you to submit your FSAL into the tree. That allows us a better 
understanding of how Ganesha is being used, and we are less likely to change 
APIs in a way that breaks your FSAL (or we will change your FSAL with the API 
change).

Frank

From: Sriram Patil [mailto:srir...@vmware.com]
Sent: Friday, February 16, 2018 2:51 AM
To: Sagar M D <sagar...@gmail.com>; Supriti Singh <supriti.si...@suse.com>
Cc: nfs-ganesha-devel@lists.sourceforge.net
Subject: Re: [Nfs-ganesha-devel] ACL support

Hi Sagar,

I see in your conf file that you are using NFSv4. POSIX acls do not work on 
NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need 
to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find 
these commands in nfs4-acl-tools package.

- Sriram

From: Sagar M D <sagar...@gmail.com<mailto:sagar...@gmail.com>>
Date: Friday, February 16, 2018 at 3:20 PM
To: Supriti Singh <supriti.si...@suse.com<mailto:supriti.si...@suse.com>>
Cc: 
"nfs-ganesha-devel@lists.sourceforge.net<mailto:nfs-ganesha-devel@lists.sourceforge.net>"

<nfs-ganesha-devel@lists.sourceforge.net<mailto:nfs-ganesha-devel@lists.sourceforge.net>>
Subject: Re: [Nfs-ganesha-devel] ACL support

I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs 
fsal also. Any suggestion here please ?

Operation to request attribute not supported.
Failed to instantiate ACL.

EXPORT
{
Export_Id = 77;

# Exported path (mandatory)
Path = /home;

# Pseudo Path (required for NFS v4)
Pseudo = /home;

# Required for access (default is None)
# Could use CLIENT blocks instead
Access_Type = RW;
Disable_ACL = FALSE;
NFS_Protocols = 4;
Squash = no_root_squash;

# Exporting FSAL
FSAL {
Name = VFS;
}
}
Thanks,
Sagar.

On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D 
<sagar...@gmail.com<mailto:sagar...@gmail.com>> wrote:
Supriti,

We are testing our own FSAL.
Thanks,
Sagar.

On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh 
<supriti.si...@suse.com<mailto:supriti.si...@suse.com>> wrote:
Hi Sagar,

Which FSAL are you using?

--
Supriti Singh
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

>>> Sagar M D <sagar...@gmail.com<mailto:sagar...@gmail.com>> 02/16/18 9:15 AM 
>>> >>>
Hi,

We are setting below value in our EXPORT block to enable ACL.
Disable_ACL = FALSE;
However when try to do any ACL operation it throws get below error:-
Operation to request attribute not supported.
Failed to instantiate ACL.
On further analysis, i found that getattr call on our fsal  export's root 
folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on 
pseudo export is returning "0" in aclsupport field.

Is there anything else in fsal to be taken care to enable acls ?

Thanks,
Sagar.

Re: [Nfs-ganesha-devel] ACL support

2018-02-19 Thread Sagar M D

Sriram,

Setting ATTR_ACL in supported_attrs helped. Now I could able to get the V4
ACLs. Thanks!.

Frank,
Currently we are doing what you are suggesting i.e we are persistently
saving the in-memory representation of ganesha NFSV4 ACL on disk.
And I'm not sure whether we are ready to check in our fsal into ganesha
yet. We will discuss this internally.

Thanks!

On Fri, Feb 16, 2018 at 9:21 PM, Sriram Patil <srir...@vmware.com> wrote:

> Thank you for the correction, Frank.
>
>
>
> Sagar, there are a couple of more things that you have not mentioned yet,
>
>
>
>1. Have you set ATTR_ACL in supported_attrs field of your FSALs static
>fsinfo? (check usage of function nfs4_Fattr_Supported to know why this is
>required)
>2. You may also want to take a look at ENABLE_RFC_ACL flag. This is
>not for enabling ACLs but it is used for access checks in
>fsal_check_access_acl.
>
>
>
> - Sriram
>
>
>
> *From: *Frank Filz <ffilz...@mindspring.com>
> *Date: *Friday, February 16, 2018 at 8:19 PM
> *To: *Sriram Patil <srir...@vmware.com>, 'Sagar M D' <sagar...@gmail.com>,
> 'Supriti Singh' <supriti.si...@suse.com>
> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" <nfs-ganesha-devel@lists.
> sourceforge.net>
> *Subject: *RE: [Nfs-ganesha-devel] ACL support
>
>
>
> It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but
> that’s another detail.
>
>
>
> Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for
> POSIX ACLs. At this point Ganesha has the following support for ACLs:
>
>
>
> FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side
> POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so
> it is available to more FSALs (and we will hook it up for FSAL_VFS at that
> point). Note that the conversion is not perfect due to NFS v4 ACLs not
> actually being a superset of POSIX ACLs.
>
>
>
> FSAL_GPFS has native support for NFS v4 ACLs.
>
>
>
> At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL
> API. If your file system can support NFS v4 ACLs natively, then all you
> need to do is provide a mechanism to transfer between Ganesha’s in memory
> representation of an NFS v4 ACL and your on-disk representation. If your
> file system can only support POSIX ACLs, then you will need the translation
> code from FSAL_GLUSTER (or write your own).
>
>
>
> I’d also like to add my usual plug, if you have an out of tree FSAL, we
> encourage you to submit your FSAL into the tree. That allows us a better
> understanding of how Ganesha is being used, and we are less likely to
> change APIs in a way that breaks your FSAL (or we will change your FSAL
> with the API change).
>
>
>
> Frank
>
>
>
> *From:* Sriram Patil [mailto:srir...@vmware.com]
> *Sent:* Friday, February 16, 2018 2:51 AM
> *To:* Sagar M D <sagar...@gmail.com>; Supriti Singh <
> supriti.si...@suse.com>
> *Cc:* nfs-ganesha-devel@lists.sourceforge.net
> *Subject:* Re: [Nfs-ganesha-devel] ACL support
>
>
>
> Hi Sagar,
>
>
>
> I see in your conf file that you are using NFSv4. POSIX acls do not work
> on NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you
> need to use nfs4_getfacl and nfs4_setfacl commands from the client. You can
> find these commands in nfs4-acl-tools package.
>
>
>
> - Sriram
>
>
>
> *From: *Sagar M D <sagar...@gmail.com>
> *Date: *Friday, February 16, 2018 at 3:20 PM
> *To: *Supriti Singh <supriti.si...@suse.com>
> *Cc: *"nfs-ganesha-devel@lists.sourceforge.net" <nfs-ganesha-devel@lists.
> sourceforge.net>
> *Subject: *Re: [Nfs-ganesha-devel] ACL support
>
>
>
> I quickly checked on VFS FSAL using below EXPORT block. I see same issue
> on vfs fsal also. Any suggestion here please ?
>
>
>
> *Operation to request attribute not supported. Failed to instantiate ACL. *
>
> EXPORT
> {
> Export_Id = 77;
>
> # Exported path (mandatory)
> Path = /home;
>
> # Pseudo Path (required for NFS v4)
> Pseudo = /home;
>
> # Required for access (default is None)
> # Could use CLIENT blocks instead
> Access_Type = RW;
> Disable_ACL = FALSE;
> NFS_Protocols = 4;
> Squash = no_root_squash;
>
> # Exporting FSAL
> FSAL {
> Name = VFS;
> }
> }
>
> Thanks,
>
> Sagar.
>
>
>
>
>
> On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D <sagar...@gmail.com> wrote:
>
> Supriti,
>
>
>
> We are testing our own FSAL.
>
> Thanks,
&g

Re: [Nfs-ganesha-devel] ACL support

2018-02-18 Thread Frank Filz

It isn’t quite true that NFS v4 ACLs are a superset of POSIX ACLs, but that’s 
another detail.

Sriram is right, Ganesha doesn’t support the NFS v3 sideband protocol for POSIX 
ACLs. At this point Ganesha has the following support for ACLs:

FSAL_GLUSTER has a translation from client side NFS v4 ACLs to server side 
POSIX ACLs. In V2.7 we plan to move this support to the FSAL common code so it 
is available to more FSALs (and we will hook it up for FSAL_VFS at that point). 
Note that the conversion is not perfect due to NFS v4 ACLs not actually being a 
superset of POSIX ACLs.

FSAL_GPFS has native support for NFS v4 ACLs.

At this time Ganesha is only set up to handle NFS v4 ACLs via the FSAL API. If 
your file system can support NFS v4 ACLs natively, then all you need to do is 
provide a mechanism to transfer between Ganesha’s in memory representation of 
an NFS v4 ACL and your on-disk representation. If your file system can only 
support POSIX ACLs, then you will need the translation code from FSAL_GLUSTER 
(or write your own).

I’d also like to add my usual plug, if you have an out of tree FSAL, we 
encourage you to submit your FSAL into the tree. That allows us a better 
understanding of how Ganesha is being used, and we are less likely to change 
APIs in a way that breaks your FSAL (or we will change your FSAL with the API 
change).

Frank

From: Sriram Patil [mailto:srir...@vmware.com] 
Sent: Friday, February 16, 2018 2:51 AM
To: Sagar M D <sagar...@gmail.com>; Supriti Singh <supriti.si...@suse.com>
Cc: nfs-ganesha-devel@lists.sourceforge.net
Subject: Re: [Nfs-ganesha-devel] ACL support

Hi Sagar,

I see in your conf file that you are using NFSv4. POSIX acls do not work on 
NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need 
to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find 
these commands in nfs4-acl-tools package.

- Sriram

From: Sagar M D <sagar...@gmail.com <mailto:sagar...@gmail.com> >
Date: Friday, February 16, 2018 at 3:20 PM
To: Supriti Singh <supriti.si...@suse.com <mailto:supriti.si...@suse.com> >
Cc: "nfs-ganesha-devel@lists.sourceforge.net 
<mailto:nfs-ganesha-devel@lists.sourceforge.net> " 
<nfs-ganesha-devel@lists.sourceforge.net 
<mailto:nfs-ganesha-devel@lists.sourceforge.net> >
Subject: Re: [Nfs-ganesha-devel] ACL support

I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs 
fsal also. Any suggestion here please ?

Operation to request attribute not supported.
Failed to instantiate ACL.

EXPORT
{
Export_Id = 77;

# Exported path (mandatory)
Path = /home;

# Pseudo Path (required for NFS v4)
Pseudo = /home;

# Required for access (default is None)
# Could use CLIENT blocks instead
Access_Type = RW;
Disable_ACL = FALSE;
NFS_Protocols = 4;
Squash = no_root_squash;

# Exporting FSAL
FSAL {
Name = VFS;
}
}

Thanks,

Sagar.

On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D <sagar...@gmail.com 
<mailto:sagar...@gmail.com> > wrote:

Supriti,

We are testing our own FSAL.

Thanks,

Sagar.

On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh <supriti.si...@suse.com 
<mailto:supriti.si...@suse.com> > wrote:

Hi Sagar,

Which FSAL are you using? 

--

Supriti Singh  

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,

HRB 21284 (AG Nürnberg)

>>> Sagar M D <sagar...@gmail.com <mailto:sagar...@gmail.com> > 02/16/18 9:15 
>>> AM >>>

Hi,

We are setting below value in our EXPORT block to enable ACL.
Disable_ACL = FALSE;

However when try to do any ACL operation it throws get below error:-
Operation to request attribute not supported.
Failed to instantiate ACL.

On further analysis, i found that getattr call on our fsal  export's root 
folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on 
pseudo export is returning "0" in aclsupport field.

Is there anything else in fsal to be taken care to enable acls ?

Thanks,

Sagar.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Re: [Nfs-ganesha-devel] ACL support

2018-02-16 Thread Sriram Patil

Hi Sagar,

I see in your conf file that you are using NFSv4. POSIX acls do not work on 
NFSv4. NFSv4 acls are a superset of POSIX acls. For using NFSv4 acls you need 
to use nfs4_getfacl and nfs4_setfacl commands from the client. You can find 
these commands in nfs4-acl-tools package.

- Sriram

From: Sagar M D <sagar...@gmail.com>
Date: Friday, February 16, 2018 at 3:20 PM
To: Supriti Singh <supriti.si...@suse.com>
Cc: "nfs-ganesha-devel@lists.sourceforge.net" 
<nfs-ganesha-devel@lists.sourceforge.net>
Subject: Re: [Nfs-ganesha-devel] ACL support

I quickly checked on VFS FSAL using below EXPORT block. I see same issue on vfs 
fsal also. Any suggestion here please ?

Operation to request attribute not supported.
Failed to instantiate ACL.

EXPORT
{
Export_Id = 77;

# Exported path (mandatory)
Path = /home;

# Pseudo Path (required for NFS v4)
Pseudo = /home;

# Required for access (default is None)
# Could use CLIENT blocks instead
Access_Type = RW;
Disable_ACL = FALSE;
NFS_Protocols = 4;
Squash = no_root_squash;

# Exporting FSAL
FSAL {
Name = VFS;
}
}
Thanks,
Sagar.

On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D 
<sagar...@gmail.com<mailto:sagar...@gmail.com>> wrote:
Supriti,

We are testing our own FSAL.
Thanks,
Sagar.

On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh 
<supriti.si...@suse.com<mailto:supriti.si...@suse.com>> wrote:
Hi Sagar,

Which FSAL are you using?

--
Supriti Singh
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

>>> Sagar M D <sagar...@gmail.com<mailto:sagar...@gmail.com>> 02/16/18 9:15 AM 
>>> >>>
Hi,

We are setting below value in our EXPORT block to enable ACL.
Disable_ACL = FALSE;
However when try to do any ACL operation it throws get below error:-
Operation to request attribute not supported.
Failed to instantiate ACL.
On further analysis, i found that getattr call on our fsal  export's root 
folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call on 
pseudo export is returning "0" in aclsupport field.

Is there anything else in fsal to be taken care to enable acls ?

Thanks,
Sagar.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Re: [Nfs-ganesha-devel] ACL support

2018-02-16 Thread Sagar M D

I quickly checked on VFS FSAL using below EXPORT block. I see same issue on
vfs fsal also. Any suggestion here please ?



*Operation to request attribute not supported.Failed to instantiate ACL.*

EXPORT
{
Export_Id = 77;

# Exported path (mandatory)
Path = /home;

# Pseudo Path (required for NFS v4)
Pseudo = /home;

# Required for access (default is None)
# Could use CLIENT blocks instead
Access_Type = RW;
Disable_ACL = FALSE;
NFS_Protocols = 4;
Squash = no_root_squash;

# Exporting FSAL
FSAL {
Name = VFS;
}
}

Thanks,
Sagar.




On Fri, Feb 16, 2018 at 2:25 PM, Sagar M D  wrote:

> Supriti,
>
> We are testing our own FSAL.
>
> Thanks,
> Sagar.
>
>
> On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh 
> wrote:
>
>> Hi Sagar,
>>
>> Which FSAL are you using?
>>
>>
>>
>>
>> --
>> Supriti Singh
>> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
>> HRB 21284 (AG Nürnberg)
>>
>> >>> Sagar M D  02/16/18 9:15 AM >>>
>> Hi,
>>
>> We are setting below value in our EXPORT block to enable ACL.
>> *Disable_ACL = FALSE;*
>>
>> However when try to do any ACL operation it throws get below error:-
>>
>> *Operation to request attribute not supported.Failed to instantiate ACL.*
>>
>> On further analysis, i found that getattr call on our fsal  export's root
>> folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call
>> on pseudo export is returning "0" in aclsupport field.
>>
>>
>> Is there anything else in fsal to be taken care to enable acls ?
>>
>> Thanks,
>> Sagar.
>>
>>
>>
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Re: [Nfs-ganesha-devel] ACL support

2018-02-16 Thread Sagar M D

Supriti,

We are testing our own FSAL.

Thanks,
Sagar.


On Fri, Feb 16, 2018 at 2:15 PM, Supriti Singh 
wrote:

> Hi Sagar,
>
> Which FSAL are you using?
>
>
>
>
> --
> Supriti Singh
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
> HRB 21284 (AG Nürnberg)
>
> >>> Sagar M D  02/16/18 9:15 AM >>>
> Hi,
>
> We are setting below value in our EXPORT block to enable ACL.
> *Disable_ACL = FALSE;*
>
> However when try to do any ACL operation it throws get below error:-
>
> *Operation to request attribute not supported.Failed to instantiate ACL.*
>
> On further analysis, i found that getattr call on our fsal  export's root
> folder is returning 3 (ALLOW | DENY) in aclsupport field. But getattr call
> on pseudo export is returning "0" in aclsupport field.
>
>
> Is there anything else in fsal to be taken care to enable acls ?
>
> Thanks,
> Sagar.
>
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

Re: [Nfs-ganesha-devel] ACL support

10 matches

Site Navigation

Mail list logo

Footer information