[Bug 173267] Re: Some Tests - Kernel ACL support for NFS/CIFS in 8.04?

Axel Pospischil apos at gmx.de
Fri Dec 7 01:18:13 UTC 2007

I know this is a very special theme for debian/ubuntu. And I like to do my part ;)
So I spent a few afternoon's to verify again what I used to know. But you can use the following informations/scripts to test it by yourself very quickly.

So I went and compiled a custom kernel (using the standard ubuntu 2.6.22
sources) with

 cat /boot/config- | grep ACL

I restarted the system.

1. The EXT3 directory is mounted with "defaults,acl,user_xattr"
2. The NFS directory "/home/exchange" is exported with (rw,no_subtree_check).
3. The NFS dir is mounted with  "-t nfs -o rw,defaults,acl".
4. Same for SAMBA (hope this is correct, cause I don't use Samba in this context).
5. Create a user and group "exchange" and add yourself to the group.

 path = /home/exchange
 writable = yes
 create mask = 0660
 directory mask = 0770
 profile acls = yes
 inherit acls = yes
 available = yes
 browsable = yes
 public = yes

CHMOD, CHOWN, ACL settings

See attached change_rights.sh. Copy the script into "/home/."
1. The directories get an "exchange" group, that every user is part of.
2. The directories have "g+s", so subdirs inherit the ability for members of "exchange" group to join.
3. Only the following ACL for directories is set, so new files will be created "g+rw":
      setfacl -d -m mask: -d -m mask:006

mount -t nfs -o acl,defaults,rw localhost:/home/exchange /home/a_user/exchange  
OR (!)  mount -t cifs -o user=a_user,password=a_password   //localhost/exchange /home/a_user/exchange

cd /home
sh change_rights.sh && getfacl exchange && ls -l exchange/
touch exchange/testfile1 && ls -l exchange/
mkdir exchange/testdir1 && ls -l exchange/

This will provilde you with the necessary informations.

NFS Result:
1. The ACL's that were set with setfacl on a NON-NFS (!) mounted directory are shown correctly with "getfacl" in the shell and with e.g. "eiciel" in nautilus.
2. One cannot set ACLs with "setfacl" on a NFS mounted directory.
3. a) For both in shell and e.g. nautilus it is not possible to touch a file or make a directory. 
   b) This is the case for root and the any user who should be able to do the job of a)

CIFS Result:
1. No ACLs seen at all. Not in shell nor in e.g. nautilus.
2. File creation: known bug - file groups get's extra execution bit.
3. Directory creation: OK

I blind tested the same on a updated SuSE 10.3 which works like

A I expected ACLs via NFS/SMB/CIFS are not usable for now.
And as mentioned in [3] above from a canonical emloyee there seems to be more issues than just comiling a new kernel. 

Probably one has to test again the basic debian packages in testing/unstable.
I blind tested on a updated SuSE 10.3 in a virtual machine Works without problems.
We use  SuSE 10.1 (ext3) at work without problems.

To come to an end: I am shure this will find a way into ubuntu some
times - I hope soon ;)

** Attachment added: "Script to assign ACLs for a directory"

Kernel ACL support for NFS/CIFS in 8.04?
You received this bug notification because you are a member of Kernel
Bugs, which is a bug contact for linux-meta in ubuntu.

More information about the kernel-bugs mailing list