On Thu, Mar 05, 2015 at 03:31:51PM -0500, Tom Young
wrote:> Update ?
>
> I found that we can enable ACLs on the gluster server, and still have
> access to more than 32 groups. I had to remove the acl option from the
> client that was mounting the gluster volume, and everything started working
> the way we wanted. Thank you
Great to hear, thanks for reporting the details!
I was wondering about this too, but did not have the time to try it out
yet. The 'acl' mount option causes a posix-acl xlator to be loaded on
the client-side. This improves the performance for ACL handling, but
that xlator is indeed limited to 32 groups. Dropping the 'acl' option
from the mount command, prevents loading the posix-acl xlator. This is
not an issue, as long as FUSE still uses ACLs when the option is not
passed (which I was not sure of).
If you want, you can file a bug about this problem so we won't forget
about it and can look into fixing it in the future.
Thanks,
Niels
>
>
>
>
>
> Tom Young
>
>
>
> *From:* Tom Young [mailto:tom.young at corvidtec.com]
> *Sent:* Thursday, March 05, 2015 1:36 PM
> *To:* 'gluster-users at gluster.org'
> *Subject:* gluster and acl support
>
>
>
> Hello,
>
> I would like to use ACLs on my gluster volume, and also not be restricted
> by the 32 group limitation if I do. I have noticed that if I enable acl
> support on a client, then I am restricted to using 32 groups. I have
> several users that are part of more than 32 groups, but they still want to
> use ACLs on certain directories. The underlying filesystem is xfs, and I
> have gotten acls to work, but then my users lose access to any group
> they?re a part of after 32.
>
> Has anyone encountered this, and more importantly, have you discovered away
> to make ACLs work with more than 32 groups?
>
>
>
> *Installed RPMs:*
>
> gluster-nagios-common-0.1.1-0.el6.noarch
>
> glusterfs-libs-3.6.2-1.el6.x86_64
>
> glusterfs-geo-replication-3.6.2-1.el6.x86_64
>
> glusterfs-devel-3.6.2-1.el6.x86_64
>
> glusterfs-3.6.2-1.el6.x86_64
>
> glusterfs-cli-3.6.2-1.el6.x86_64
>
> glusterfs-rdma-3.6.2-1.el6.x86_64
>
> glusterfs-fuse-3.6.2-1.el6.x86_64
>
> glusterfs-server-3.6.2-1.el6.x86_64
>
> glusterfs-debuginfo-3.6.2-1.el6.x86_64
>
> glusterfs-extra-xlators-3.6.2-1.el6.x86_64
>
> samba-vfs-glusterfs-4.1.11-2.el6.x86_64
>
> glusterfs-api-3.6.2-1.el6.x86_64
>
> glusterfs-api-devel-3.6.2-1.el6.x86_64
>
>
>
> */etc/fstab entry:*
>
> gfsib01a.corvidtec.com:/homegfs /homegfs glusterfs
> transport=tcp,acl,_netdev 0 0
>
>
>
> *GFS Volume info:*
>
> Volume Name: homegfs
>
> Type: Distributed-Replicate
>
> Volume ID: 1e32672a-f1b7-4b58-ba94-58c085e59071
>
> Status: Started
>
> Number of Bricks: 4 x 2 = 8
>
> Transport-type: tcp
>
> Bricks:
>
> Brick1: gfsib01a.corvidtec.com:/data/brick01a/homegfs
>
> Brick2: gfsib01b.corvidtec.com:/data/brick01b/homegfs
>
> Brick3: gfsib01a.corvidtec.com:/data/brick02a/homegfs
>
> Brick4: gfsib01b.corvidtec.com:/data/brick02b/homegfs
>
> Brick5: gfsib02a.corvidtec.com:/data/brick01a/homegfs
>
> Brick6: gfsib02b.corvidtec.com:/data/brick01b/homegfs
>
> Brick7: gfsib02a.corvidtec.com:/data/brick02a/homegfs
>
> Brick8: gfsib02b.corvidtec.com:/data/brick02b/homegfs
>
> Options Reconfigured:
>
> server.manage-gids: on
>
> changelog.rollover-time: 15
>
> changelog.fsync-interval: 3
>
> changelog.changelog: on
>
> geo-replication.ignore-pid-check: on
>
> geo-replication.indexing: off
>
> storage.owner-gid: 100
>
> network.ping-timeout: 10
>
> server.allow-insecure: on
>
> performance.write-behind-window-size: 128MB
>
> performance.cache-size: 128MB
>
> performance.io-thread-count: 32
>
>
>
> Thank you
>
>
>
> Tom
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL:
<http://www.gluster.org/pipermail/gluster-users/attachments/20150305/8bb2d137/attachment.sig>