[gpfsug-discuss] Setting NFS4 ACL with setxattr()
Christof Schmitt
christof.schmitt at us.ibm.com
Sun Mar 16 23:30:40 GMT 2025
The intention with the xattr access to NFSv4 ACLs is to allow usage of the Linux nfs4-acl-tools: https://www.ibm.com/docs/en/STXKQY/gpfsclustersfaq.html#nfsacl
The format should be visible in the source code of the tools, i think this would be the struct nfs4_acl: https://git.linux-nfs.org/?p=steved/nfs4-acl-tools.git;a=blob;f=include/nfs4.h;h=d15482e8a720e82d6248f311b537e1057c38adc2;hb=refs/heads/master#l129
I am not sure of the observed behavior with the WRITE_ACL permission.. Recreating that with traces would help understand which case is hit.
Regards,
Christof Schmitt
On Tue, 2025-03-11 at 11:49 +0000, Losen, Stephen C (scl) wrote:
Hi folks,
I've been experimenting with python os.getxattr() and os.setxattr() for getting and setting NFS4 ACLs. I reverse engineered the format of the ACL returned by os.getxattr(), but is it documented anywhere?
I discovered a permission issue when running as a non-root user. If the target file is owned by a different user but has a NFS4 ACE with WRITE_ACL enabled for me, then os.setxattr() nevertheless fails for me with permission denied. As expected, os.chmod() works for me and the chmod and mmputacl commands also work for me.
If I own the file, then os.setxattr() works.
Does anyone know if this is a feature or a bug? The behavior seems inconsistent.
Steve Losen
University of Virginia Research Computing
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at gpfsug.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20250316/3f84d78e/attachment.htm>
More information about the gpfsug-discuss
mailing list