Hi, I''m sharing file systems using a smb and nfs, and since I''ve upgraded to snv_151, when I do a chmod from an NFS client, I lose all the NFSv4 ACLs. Here''s what I see on a Solaris nfs client: $ ls -lVd ACLtest/ drwxrwx---+ 4 root bsse-it 5 Nov 19 14:03 ACLtest/ user:ryanj:rwxpdDaARWcCos:fd-----:allow user:noddy:rwxpdDaARWcCos:fd-----:allow owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:------a-R-c--s:-------:allow $ chmod 770 ACLtest/ $ ls -lVd ACLtest/ drwxrwx--- 4 root bsse-it 5 Nov 19 14:03 ACLtest/ owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:------a-R-c--s:-------:allow Same happens from a Linux or Solaris client I have aclinherit set to passthrough Anyone any ideas? On a snv_134 system, the ACLs are retained. Regards John -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/zfs-discuss/attachments/20110125/0b185afc/attachment.html>
John, welcome onboard! 2011/1/25 Ryan John <john.ryan at bsse.ethz.ch>:> I?m sharing file systems using a smb and nfs, and since I?ve upgraded to > snv_151, when I do a chmod from an NFS client, I lose all the NFSv4 ACLs.<http://opensolaris.org/jive/thread.jspa?threadID=134162> I''d summarize as follows: in order to play nice with Windows ACL semantics via builtin CIFS, they choose the approach of throwing away ACLs on chmod(). Makes Windows happy, others not so. -f
phil.harman@gmail.com
2011-Jan-25 13:50 UTC
[zfs-discuss] Changed ACL behavior in snv_151 ?
Which chmod are you using? (check your PATH) ----- Reply message ----- From: "Ryan John" <john.ryan at bsse.ethz.ch> To: "zfs-discuss at opensolaris.org" <zfs-discuss at opensolaris.org> Subject: [zfs-discuss] Changed ACL behavior in snv_151 ? Date: Tue, Jan 25, 2011 13:31 Hi, I?m sharing file systems using a smb and nfs, and since I?ve upgraded to snv_151, when I do a chmod from an NFS client, I lose all the NFSv4 ACLs. Here?s what I see on a Solaris nfs client: $ ls -lVd ACLtest/ drwxrwx---+ 4 root bsse-it 5 Nov 19 14:03 ACLtest/ user:ryanj:rwxpdDaARWcCos:fd-----:allow user:noddy:rwxpdDaARWcCos:fd-----:allow owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:------a-R-c--s:-------:allow $ chmod 770 ACLtest/ $ ls -lVd ACLtest/ drwxrwx--- 4 root bsse-it 5 Nov 19 14:03 ACLtest/ owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:------a-R-c--s:-------:allow Same happens from a Linux or Solaris client I have aclinherit set to passthrough Anyone any ideas? On a snv_134 system, the ACLs are retained. Regards John -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/zfs-discuss/attachments/20110125/b4c587c3/attachment.html>
I?m using /usr/bin/chmod From: phil.harman at gmail.com [mailto:phil.harman at gmail.com] Sent: 25 January 2011 14:50 To: Ryan John; zfs-discuss at opensolaris.org Subject: Re: [zfs-discuss] Changed ACL behavior in snv_151 ? Which chmod are you using? (check your PATH) ----- Reply message ----- From: "Ryan John" <john.ryan at bsse.ethz.ch> To: "zfs-discuss at opensolaris.org" <zfs-discuss at opensolaris.org> Subject: [zfs-discuss] Changed ACL behavior in snv_151 ? Date: Tue, Jan 25, 2011 13:31 Hi, I?m sharing file systems using a smb and nfs, and since I?ve upgraded to snv_151, when I do a chmod from an NFS client, I lose all the NFSv4 ACLs. Here?s what I see on a Solaris nfs client: $ ls -lVd ACLtest/ drwxrwx---+ 4 root bsse-it 5 Nov 19 14:03 ACLtest/ user:ryanj:rwxpdDaARWcCos:fd-----:allow user:noddy:rwxpdDaARWcCos:fd-----:allow owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:------a-R-c--s:-------:allow $ chmod 770 ACLtest/ $ ls -lVd ACLtest/ drwxrwx--- 4 root bsse-it 5 Nov 19 14:03 ACLtest/ owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:------a-R-c--s:-------:allow Same happens from a Linux or Solaris client I have aclinherit set to passthrough Anyone any ideas? On a snv_134 system, the ACLs are retained. Regards John -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/zfs-discuss/attachments/20110125/976f1d9f/attachment-0001.html>
> -----Original Message----- > From: Frank Lahm [mailto:franklahm at googlemail.com] > Sent: 25 January 2011 14:50 > To: Ryan John > Cc: zfs-discuss at opensolaris.org > Subject: Re: [zfs-discuss] Changed ACL behavior in snv_151 ?> John,> welcome onboard!> 2011/1/25 Ryan John <john.ryan at bsse.ethz.ch>: >> I?m sharing file systems using a smb and nfs, and since I?ve upgraded to >> snv_151, when I do a chmod from an NFS client, I lose all the NFSv4 ACLs.> <http://opensolaris.org/jive/thread.jspa?threadID=134162>> I''d summarize as follows: > in order to play nice with Windows ACL semantics via builtin CIFS, > they choose the approach of throwing away ACLs on chmod(). Makes > Windows happy, others not so.> -fHi Frank, This really breaks our whole setup. Under snv_134 our users were happy with Windows ACLs, and NFSv3 and NFSv4 Linux clients. They all worked very well together. The only problem we had with the deny ACLs, was when using the MacOS "Finder" I don''t think there''s a way we can tell our users not to do a chmod. Was it a result of PSARC/2009/029 ? http://arc.opensolaris.org/caselog/PSARC/2010/029/20100126_mark.shellenbaum If so, I think that was implemented around snv_137. This would also mean it''s the same in Illumos. Regards John
We are working on a change to illumos (and NexentaStor) to revive acl_mode... lots and lots of people have had very bad experiences as a result of that particular change. - Garrett On Thu, 2011-01-27 at 07:32 +0000, Ryan John wrote:> > -----Original Message----- > > From: Frank Lahm [mailto:franklahm at googlemail.com] > > Sent: 25 January 2011 14:50 > > To: Ryan John > > Cc: zfs-discuss at opensolaris.org > > Subject: Re: [zfs-discuss] Changed ACL behavior in snv_151 ? > > > John, > > > welcome onboard! > > > 2011/1/25 Ryan John <john.ryan at bsse.ethz.ch>: > >> I?m sharing file systems using a smb and nfs, and since I?ve upgraded to > >> snv_151, when I do a chmod from an NFS client, I lose all the NFSv4 ACLs. > > > <http://opensolaris.org/jive/thread.jspa?threadID=134162> > > > I''d summarize as follows: > > in order to play nice with Windows ACL semantics via builtin CIFS, > > they choose the approach of throwing away ACLs on chmod(). Makes > > Windows happy, others not so. > > > -f > Hi Frank, > > This really breaks our whole setup. > Under snv_134 our users were happy with Windows ACLs, and NFSv3 and NFSv4 Linux clients. > They all worked very well together. The only problem we had with the deny ACLs, was when using the MacOS "Finder" > > I don''t think there''s a way we can tell our users not to do a chmod. > > Was it a result of PSARC/2009/029 ? http://arc.opensolaris.org/caselog/PSARC/2010/029/20100126_mark.shellenbaum > If so, I think that was implemented around snv_137. > This would also mean it''s the same in Illumos. > > Regards > John > > _______________________________________________ > zfs-discuss mailing list > zfs-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
2011/1/27 Ryan John <john.ryan at bsse.ethz.ch>:>> -----Original Message----- >> From: Frank Lahm [mailto:franklahm at googlemail.com] >> Sent: 25 January 2011 14:50 >> To: Ryan John >> Cc: zfs-discuss at opensolaris.org >> Subject: Re: [zfs-discuss] Changed ACL behavior in snv_151 ? > >> John, > >> welcome onboard! > >> 2011/1/25 Ryan ?John <john.ryan at bsse.ethz.ch>: >>> I?m sharing file systems using a smb and nfs, and since I?ve upgraded to >>> snv_151, when I do a chmod from an NFS client, I lose all the NFSv4 ACLs. > >> <http://opensolaris.org/jive/thread.jspa?threadID=134162> > >> I''d summarize as follows: >> in order to play nice with Windows ACL semantics via builtin CIFS, >> they choose the approach of throwing away ACLs on chmod(). Makes >> Windows happy, others not so. > > This really breaks our whole setup. > Under snv_134 our users were happy with Windows ACLs, and NFSv3 and NFSv4 Linux clients. > They all worked very well together. The only problem we had with the deny ACLs, was when using the MacOS "Finder"You could try Netatalk for access from Macs. The OS X AFP VFS plugin is far more forgiving then the CIFS one, making AFP still the file sharing protocol of choice for Macs. We''ve implemented a workaround for this chmod() vs ACL problem in (afair) Netatlk 2.1.5. For easy-to-use ACL support, you could give the just released 2.2-beta1 a try.> Was it a result of PSARC/2009/029 ? http://arc.opensolaris.org/caselog/PSARC/2010/029/20100126_mark.shellenbaumAfair, yes.> If so, I think that was implemented around snv_137.Yes. -f
2011/1/27 Garrett D''Amore <garrett at nexenta.com>:> We are working on a change to illumos (and NexentaStor) to revive > acl_mode... lots and lots of people have had very bad experiences as a > result of that particular change.We had to put a chmod() wrapper into our app (Netatalk) to work around that. Good to hear your planning to tackle this OS side. -f