[Bug 173267] Re: Some Tests - Kernel ACL support for NFS/CIFS in 8.04?
apos at gmx.de
Fri Dec 7 01:18:13 UTC 2007
I know this is a very special theme for debian/ubuntu. And I like to do my part ;)
So I spent a few afternoon's to verify again what I used to know. But you can use the following informations/scripts to test it by yourself very quickly.
So I went and compiled a custom kernel (using the standard ubuntu 2.6.22
cat /boot/config-18.104.22.168-nfs-with-acl | grep ACL
I restarted the system.
1. The EXT3 directory is mounted with "defaults,acl,user_xattr"
2. The NFS directory "/home/exchange" is exported with (rw,no_subtree_check).
3. The NFS dir is mounted with "-t nfs -o rw,defaults,acl".
4. Same for SAMBA (hope this is correct, cause I don't use Samba in this context).
5. Create a user and group "exchange" and add yourself to the group.
path = /home/exchange
writable = yes
create mask = 0660
directory mask = 0770
profile acls = yes
inherit acls = yes
available = yes
browsable = yes
public = yes
CHMOD, CHOWN, ACL settings
See attached change_rights.sh. Copy the script into "/home/."
1. The directories get an "exchange" group, that every user is part of.
2. The directories have "g+s", so subdirs inherit the ability for members of "exchange" group to join.
3. Only the following ACL for directories is set, so new files will be created "g+rw":
setfacl -d -m mask: -d -m mask:006
mount -t nfs -o acl,defaults,rw localhost:/home/exchange /home/a_user/exchange
OR (!) mount -t cifs -o user=a_user,password=a_password //localhost/exchange /home/a_user/exchange
sh change_rights.sh && getfacl exchange && ls -l exchange/
touch exchange/testfile1 && ls -l exchange/
mkdir exchange/testdir1 && ls -l exchange/
This will provilde you with the necessary informations.
1. The ACL's that were set with setfacl on a NON-NFS (!) mounted directory are shown correctly with "getfacl" in the shell and with e.g. "eiciel" in nautilus.
2. One cannot set ACLs with "setfacl" on a NFS mounted directory.
3. a) For both in shell and e.g. nautilus it is not possible to touch a file or make a directory.
b) This is the case for root and the any user who should be able to do the job of a)
1. No ACLs seen at all. Not in shell nor in e.g. nautilus.
2. File creation: known bug - file groups get's extra execution bit.
3. Directory creation: OK
I blind tested the same on a updated SuSE 10.3 which works like
A I expected ACLs via NFS/SMB/CIFS are not usable for now.
And as mentioned in  above from a canonical emloyee there seems to be more issues than just comiling a new kernel.
Probably one has to test again the basic debian packages in testing/unstable.
I blind tested on a updated SuSE 10.3 in a virtual machine Works without problems.
We use SuSE 10.1 (ext3) at work without problems.
To come to an end: I am shure this will find a way into ubuntu some
times - I hope soon ;)
** Attachment added: "Script to assign ACLs for a directory"
Kernel ACL support for NFS/CIFS in 8.04?
You received this bug notification because you are a member of Kernel
Bugs, which is a bug contact for linux-meta in ubuntu.
More information about the kernel-bugs