[gpfsug-discuss] ACL issue with Linux kernel NFSv3

Losen, Stephen C (scl) scl at virginia.edu
Mon Aug 12 19:02:50 BST 2024 

Hi,
How is the permission change flag set on the fileset?

mmlsfileset devname filesetname -Y

If it is set to chmodandsetacl then any posix chmod operation completely replaces the ACL. You can use setaclonly but then chmod fails. Your best option is probably chmodandupdateacl which applies the chmod permissions without destroying the ACL.

I'm guessing that your fileset is chmodandsetacl and that when a directory is created over NFS, a hidden chmod operation is destroying the directory's ACL.

You can change the setting with

mmchfileset devname filesetname --allow-permission-change chmodandupdateacl

Steve Losen
University of Virginia Research Computing

-----Original Message-----
From: gpfsug-discuss <gpfsug-discuss-bounces at gpfsug.org <mailto:gpfsug-discuss-bounces at gpfsug.org>> on behalf of Jan Winter <jan at mcwinter.org <mailto:jan at mcwinter.org>>
Reply-To: gpfsug main discussion list <gpfsug-discuss at gpfsug.org <mailto:gpfsug-discuss at gpfsug.org>>
Date: Monday, August 12, 2024 at 5:42 AM
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
Subject: [gpfsug-discuss] ACL issue with Linux kernel NFSv3


Hello,


I'm running a 5.1.9 gpfs cluster on Rocky Linux 8, what we recently 
updated from Centos 7.
Since then I notice that ACL inhered permission are not getting applied 
to new created directory's via NFS.


As an example, we exporting a space
/path/to/space


This space has posix permission + some extra ACL:


group:some-extra-groups:rwxc:allow:FileInherit:DirInherit
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE 
(X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH 
(X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED


If I create a new file on the NFS client, the ACL get applied, but when 
I create a new directory the ACL are missing.


I didn't had this problem with Centos 7, does anyone here have an idea 
what the problem could be, or a way how to debug this issue?


Regards
Jan


_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at gpfsug.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org <http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org>

More information about the gpfsug-discuss mailing list