Differences

This shows you the differences between two versions of the page.

--- gpfs:acl_nfsv4 [2021/04/27 13:10]
manu
+++ gpfs:acl_nfsv4 [2021/12/31 18:48] (current)
manu
@@ Line 1: / Line 1: @@
 ====== ACL and shares NFS and SMB ======
+https://qastack.fr/server/514118/mapping-uid-and-gid-of-local-user-to-the-mounted-nfs-share
+https://www.kernel.org/doc/html/latest/admin-guide/nfs/nfs-idmapper.html
+===== ACL commands =====
+List ACL on a file
+<cli prompt='#'>
+# mmgetacl project2.history
+</cli>
+<code>
+#owner:guest
+#group:usr
+user::rwxc
+group::rwx- #effective:rw--
+other::--x-
+mask::rw-c
+user:alpha:rwxc #effective:rw-c
+group:audit:rwx- #effective:rw--
+group:system:-w--
+</code>
 The concept of a default ACL does not exist for NFS V4 ACLs. Instead, there is a single ACL and the individual ACL entries can be flagged as being inherited (either by files, directories, both, or neither). Therefore, specifying the -d flag on the mmputacl command for an NFS V4 ACL is an error.
@@ Line 20: / Line 42: @@
 </code>
-Note: In IBM Spectrum Scale 5.0.3, a difference in the handling of the NFSv4 ACL bit SYNCHRONIZE can cause access issues for Microsoft Windows clients. The change is that when ACL data is returned to the SMB client, the SYNCHRONIZE bit on ACL "allow" entries is passed unchanged. But Microsoft Windows clients require the SYNCHRONIZE bit to be set for renaming files or directories. Files that are written by Microsoft Windows clients usually have the SYNCHRONIZE bit set.
+**Note:** In IBM Spectrum Scale 5.0.3, a difference in the handling of the NFSv4 ACL bit SYNCHRONIZE can cause access issues for Microsoft Windows clients. The change is that when ACL data is returned to the SMB client, the SYNCHRONIZE bit on ACL "allow" entries is passed unchanged. But Microsoft Windows clients require the SYNCHRONIZE bit to be set for renaming files or directories. Files that are written by Microsoft Windows clients usually have the SYNCHRONIZE bit set.
 To restore the pre-5.0.3 behavior, issue the following command for each SMB share that is affected by the problem:
-/usr/lpp/mmfs/bin/net conf setparm <SMBShareName> 'nfs4:set synchronize' yes
+  /usr/lpp/mmfs/bin/net conf setparm <SMBShareName> 'nfs4:set synchronize' yes
 In the long term, it is a good idea to change the ACLs for all files and directories that are missing the SYNCHRONIZE bit instead of modifying the SMB configuration.
+===== ACL on Linux =====
+You have to install the package
+  nfs4-acl-tools
+=== ACE Permissions ===
+The 'rxtncy' are the permissions the ACE is allowing. Permissions can be used in combonation with each other. A list of permissions and what they do can be found below:
+^ Permission ^	Function ^
+| r | 	read-data (files) / list-directory (directories)|
+| w | 	write-data (files) / create-file (directories)|
+| a | 	append-data (files) / create-subdirectory (directories)|
+| x | 	execute (files) / change-directory (directories)|
+| d | 	delete the file/directory|
+| D | 	delete-child : remove a file or subdirectory from the given directory (directories only)|
+| t | 	read the attributes of the file/directory|
+| T | 	write the attribute of the file/directory|
+| n | 	read the named attributes of the file/directory|
+| N | 	write the named attributes of the file/directory|
+| c | 	read the file/directory ACL|
+| C | 	write the file/directory ACL|
+| o | 	change ownership of the file/directory|
+Note: Aliases such as 'R', 'W', and 'X' can be used as permissions. These work simlarly to POSIX Read/Write/Execute. More detail can be found below.
+^Alias ^	Name ^	Expansion^
+|R |	Read |	rntcy|
+|W |	Write |	watTNcCy (with D added to directory ACE's|
+|X |	Execute |	xtcy|

wiki

User Tools

Site Tools

Differences

Page Tools