Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Setfacl not working as expected
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
manu_leo
Guru
Guru


Joined: 20 Jan 2014
Posts: 513
Location: India
PostPosted: Wed Oct 31, 2018 9:16 am    Post subject: Setfacl not working as expected Reply with quote
Hi Everyone, I have a NFS Server-Client setup where I am trying to use setfacl on Client end to restrict who all remote users can write to the disk of the nfs server.
NFS_Server - 192.168.100.1
NFS_Client - 192.168.100.10
User - harry

So here is what I have -
Quote:
On NFS_SERVER -

1. In the kernel I have ext4 acl support enabled
Quote:
# grep -i acl /boot/config*
CONFIG_EXT4_FS_POSIX_ACL=y
# CONFIG_XFS_POSIX_ACL is not set
CONFIG_FS_POSIX_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
# CONFIG_NFSD_V3_ACL is not set
CONFIG_NFS_ACL_SUPPORT=y


2. I have mounted the drives using acl option as below -
Quote:
mount -o acl /dev/sdb1 /home/test


3. vim /etc/exports
Quote:
/home/test 192.168.100.10/32(no_root_squash,rw,sync,no_subtree_check)


4. exportfs -a

ON NFS_CLIENT -
1. I mount the NFS_SERVER as below -
Quote:
mount 192.168.100.1:/home/test /home/test


ls -ld /home/test
Quote:
drwxrwxr-x 6 root root 4096 Oct 31 14:29 /home/test


Now when I run setfacl on the NFS_CLIENT as below -
setfacl -m u:harry:rwx /home/test
Quote:
setfacl: /home/test: Operation not supported


here is where I get the Operation not supported. How to come over this issue - NFS_CLIENT has rw permission on the NFS_Server. I am getting this on few servers now.

Appreciate all your help and thanks in advance.
Back to top
View user's profile Send private message
gerdesj
l33t
l33t


Joined: 29 Sep 2005
Posts: 621
Location: Yeovil, Somerset, UK
PostPosted: Sun Dec 02, 2018 12:57 am    Post subject: Re: Setfacl not working as expected Reply with quote
I may be missing the point but I think you should be running setfacl on the server itself in this case because the ACL you are amending is the root of the mountpoint and a client should not be able to give itself rights it doesn't have already (a chicken and egg scenario).

Cheers
Jon
Back to top
View user's profile Send private message
mike155
Advocate
Advocate


Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
PostPosted: Sun Dec 02, 2018 1:21 am    Post subject: Reply with quote
Quote:
On the server:

# CONFIG_NFSD_V3_ACL is not set

Why is CONFIG_NFSD_V3_ACL disabled on the server? If you want to use ACLs over NFSv3, this option must be enabled.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy