Hello, I would like to use ACLs on my gluster volume, and also not be restricted by the 32 group limitation if I do. I have noticed that if I enable acl support on a client, then I am restricted to using 32 groups. I have several users that are part of more than 32 groups, but they still want to use ACLs on certain directories. The underlying filesystem is xfs, and I have gotten acls to work, but then my users lose access to any group they?re a part of after 32. Has anyone encountered this, and more importantly, have you discovered away to make ACLs work with more than 32 groups? *Installed RPMs:* gluster-nagios-common-0.1.1-0.el6.noarch glusterfs-libs-3.6.2-1.el6.x86_64 glusterfs-geo-replication-3.6.2-1.el6.x86_64 glusterfs-devel-3.6.2-1.el6.x86_64 glusterfs-3.6.2-1.el6.x86_64 glusterfs-cli-3.6.2-1.el6.x86_64 glusterfs-rdma-3.6.2-1.el6.x86_64 glusterfs-fuse-3.6.2-1.el6.x86_64 glusterfs-server-3.6.2-1.el6.x86_64 glusterfs-debuginfo-3.6.2-1.el6.x86_64 glusterfs-extra-xlators-3.6.2-1.el6.x86_64 samba-vfs-glusterfs-4.1.11-2.el6.x86_64 glusterfs-api-3.6.2-1.el6.x86_64 glusterfs-api-devel-3.6.2-1.el6.x86_64 */etc/fstab entry:* gfsib01a.corvidtec.com:/homegfs /homegfs glusterfs transport=tcp,acl,_netdev 0 0 *GFS Volume info:* Volume Name: homegfs Type: Distributed-Replicate Volume ID: 1e32672a-f1b7-4b58-ba94-58c085e59071 Status: Started Number of Bricks: 4 x 2 = 8 Transport-type: tcp Bricks: Brick1: gfsib01a.corvidtec.com:/data/brick01a/homegfs Brick2: gfsib01b.corvidtec.com:/data/brick01b/homegfs Brick3: gfsib01a.corvidtec.com:/data/brick02a/homegfs Brick4: gfsib01b.corvidtec.com:/data/brick02b/homegfs Brick5: gfsib02a.corvidtec.com:/data/brick01a/homegfs Brick6: gfsib02b.corvidtec.com:/data/brick01b/homegfs Brick7: gfsib02a.corvidtec.com:/data/brick02a/homegfs Brick8: gfsib02b.corvidtec.com:/data/brick02b/homegfs Options Reconfigured: server.manage-gids: on changelog.rollover-time: 15 changelog.fsync-interval: 3 changelog.changelog: on geo-replication.ignore-pid-check: on geo-replication.indexing: off storage.owner-gid: 100 network.ping-timeout: 10 server.allow-insecure: on performance.write-behind-window-size: 128MB performance.cache-size: 128MB performance.io-thread-count: 32 Thank you Tom -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20150305/61dfde14/attachment.html>
Just to clarify: We are having our ACL's managed on our server, not on the client. In other words, we turn on server.manage-gids on our gluster volume. We then mount the homegfs volume using the "ACL" flag in our fstab. This works fine and we can set and use ACL; however, the clients can no longer use more than 32-groups. If we take the "ACL" out of the mount on the server, ACL no longer works on our clients, but the 32-group limit is gone. David (Sent from mobile) ==============================David F. Robinson, Ph.D. President - Corvid Technologies 704.799.6944 x101 [office] 704.252.1310 [cell] 704.799.7974 [fax] David.Robinson at corvidtec.com http://www.corvidtechnologies.com> On Mar 5, 2015, at 1:35 PM, Tom Young <tom.young at corvidtec.com> wrote: > > Hello, > I would like to use ACLs on my gluster volume, and also not be restricted by the 32 group limitation if I do. I have noticed that if I enable acl support on a client, then I am restricted to using 32 groups. I have several users that are part of more than 32 groups, but they still want to use ACLs on certain directories. The underlying filesystem is xfs, and I have gotten acls to work, but then my users lose access to any group they?re a part of after 32. > Has anyone encountered this, and more importantly, have you discovered away to make ACLs work with more than 32 groups? > > Installed RPMs: > gluster-nagios-common-0.1.1-0.el6.noarch > glusterfs-libs-3.6.2-1.el6.x86_64 > glusterfs-geo-replication-3.6.2-1.el6.x86_64 > glusterfs-devel-3.6.2-1.el6.x86_64 > glusterfs-3.6.2-1.el6.x86_64 > glusterfs-cli-3.6.2-1.el6.x86_64 > glusterfs-rdma-3.6.2-1.el6.x86_64 > glusterfs-fuse-3.6.2-1.el6.x86_64 > glusterfs-server-3.6.2-1.el6.x86_64 > glusterfs-debuginfo-3.6.2-1.el6.x86_64 > glusterfs-extra-xlators-3.6.2-1.el6.x86_64 > samba-vfs-glusterfs-4.1.11-2.el6.x86_64 > glusterfs-api-3.6.2-1.el6.x86_64 > glusterfs-api-devel-3.6.2-1.el6.x86_64 > > /etc/fstab entry: > gfsib01a.corvidtec.com:/homegfs /homegfs glusterfs transport=tcp,acl,_netdev 0 0 > > GFS Volume info: > Volume Name: homegfs > Type: Distributed-Replicate > Volume ID: 1e32672a-f1b7-4b58-ba94-58c085e59071 > Status: Started > Number of Bricks: 4 x 2 = 8 > Transport-type: tcp > Bricks: > Brick1: gfsib01a.corvidtec.com:/data/brick01a/homegfs > Brick2: gfsib01b.corvidtec.com:/data/brick01b/homegfs > Brick3: gfsib01a.corvidtec.com:/data/brick02a/homegfs > Brick4: gfsib01b.corvidtec.com:/data/brick02b/homegfs > Brick5: gfsib02a.corvidtec.com:/data/brick01a/homegfs > Brick6: gfsib02b.corvidtec.com:/data/brick01b/homegfs > Brick7: gfsib02a.corvidtec.com:/data/brick02a/homegfs > Brick8: gfsib02b.corvidtec.com:/data/brick02b/homegfs > Options Reconfigured: > server.manage-gids: on > changelog.rollover-time: 15 > changelog.fsync-interval: 3 > changelog.changelog: on > geo-replication.ignore-pid-check: on > geo-replication.indexing: off > storage.owner-gid: 100 > network.ping-timeout: 10 > server.allow-insecure: on > performance.write-behind-window-size: 128MB > performance.cache-size: 128MB > performance.io-thread-count: 32 > > Thank you > > Tom > _______________________________________________ > Gluster-users mailing list > Gluster-users at gluster.org > http://www.gluster.org/mailman/listinfo/gluster-users-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20150305/68456657/attachment.html>
Update ? I found that we can enable ACLs on the gluster server, and still have access to more than 32 groups. I had to remove the acl option from the client that was mounting the gluster volume, and everything started working the way we wanted. Thank you Tom Young *From:* Tom Young [mailto:tom.young at corvidtec.com] *Sent:* Thursday, March 05, 2015 1:36 PM *To:* 'gluster-users at gluster.org' *Subject:* gluster and acl support Hello, I would like to use ACLs on my gluster volume, and also not be restricted by the 32 group limitation if I do. I have noticed that if I enable acl support on a client, then I am restricted to using 32 groups. I have several users that are part of more than 32 groups, but they still want to use ACLs on certain directories. The underlying filesystem is xfs, and I have gotten acls to work, but then my users lose access to any group they?re a part of after 32. Has anyone encountered this, and more importantly, have you discovered away to make ACLs work with more than 32 groups? *Installed RPMs:* gluster-nagios-common-0.1.1-0.el6.noarch glusterfs-libs-3.6.2-1.el6.x86_64 glusterfs-geo-replication-3.6.2-1.el6.x86_64 glusterfs-devel-3.6.2-1.el6.x86_64 glusterfs-3.6.2-1.el6.x86_64 glusterfs-cli-3.6.2-1.el6.x86_64 glusterfs-rdma-3.6.2-1.el6.x86_64 glusterfs-fuse-3.6.2-1.el6.x86_64 glusterfs-server-3.6.2-1.el6.x86_64 glusterfs-debuginfo-3.6.2-1.el6.x86_64 glusterfs-extra-xlators-3.6.2-1.el6.x86_64 samba-vfs-glusterfs-4.1.11-2.el6.x86_64 glusterfs-api-3.6.2-1.el6.x86_64 glusterfs-api-devel-3.6.2-1.el6.x86_64 */etc/fstab entry:* gfsib01a.corvidtec.com:/homegfs /homegfs glusterfs transport=tcp,acl,_netdev 0 0 *GFS Volume info:* Volume Name: homegfs Type: Distributed-Replicate Volume ID: 1e32672a-f1b7-4b58-ba94-58c085e59071 Status: Started Number of Bricks: 4 x 2 = 8 Transport-type: tcp Bricks: Brick1: gfsib01a.corvidtec.com:/data/brick01a/homegfs Brick2: gfsib01b.corvidtec.com:/data/brick01b/homegfs Brick3: gfsib01a.corvidtec.com:/data/brick02a/homegfs Brick4: gfsib01b.corvidtec.com:/data/brick02b/homegfs Brick5: gfsib02a.corvidtec.com:/data/brick01a/homegfs Brick6: gfsib02b.corvidtec.com:/data/brick01b/homegfs Brick7: gfsib02a.corvidtec.com:/data/brick02a/homegfs Brick8: gfsib02b.corvidtec.com:/data/brick02b/homegfs Options Reconfigured: server.manage-gids: on changelog.rollover-time: 15 changelog.fsync-interval: 3 changelog.changelog: on geo-replication.ignore-pid-check: on geo-replication.indexing: off storage.owner-gid: 100 network.ping-timeout: 10 server.allow-insecure: on performance.write-behind-window-size: 128MB performance.cache-size: 128MB performance.io-thread-count: 32 Thank you Tom -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20150305/5b344844/attachment.html>