Kernel ACL support for NFS/CIFS in 8.04?

I know this is a very special theme for debian/ubuntu. And I like to do my part ;)
So I spent a few afternoon's to verify again what I used to know. But you can use the following informations/scripts to test it by yourself very quickly.

So I went and compiled a custom kernel (using the standard ubuntu 2.6.22 sources) with

 cat /boot/config-2.6.22.7-nfs-with-acl | grep ACL
  CONFIG_EXT3_FS_POSIX_ACL=y
  CONFIG_NFS_V3_ACL=y
  CONFIG_NFSD_V2_ACL=y
  CONFIG_NFSD_V3_ACL=y
  CONFIG_NFS_ACL_SUPPORT=m

I restarted the system.

Configuration:
1. The EXT3 directory is mounted with "defaults,acl,user_xattr"
2. The NFS directory "/home/exchange" is exported with (rw,no_subtree_check).
3. The NFS dir is mounted with "-t nfs -o rw,defaults,acl".
4. Same for SAMBA (hope this is correct, cause I don't use Samba in this context).
5. Create a user and group "exchange" and add yourself to the group.

 [exchange]
 path = /home/exchange
 writable = yes
 create mask = 0660
 directory mask = 0770
 profile acls = yes
 inherit acls = yes
 available = yes
 browsable = yes
 public = yes

CHMOD, CHOWN, ACL settings

See attached change_rights.sh. Copy the script into "/home/."
1. The directories get an "exchange" group, that every user is part of.
2. The directories have "g+s", so subdirs inherit the ability for members of "exchange" group to join.
3. Only the following ACL for directories is set, so new files will be created "g+rw":
      setfacl -d -m mask: -d -m mask:006

TESTS:
mount -t nfs -o acl,defaults,rw localhost:/home/exchange /home/a_user/exchange
OR (!) mount -t cifs -o user=a_user,password=a_password //localhost/exchange /home/a_user/exchange

cd /home
sh change_rights.sh && getfacl exchange && ls -l exchange/
touch exchange/testfile1 && ls -l exchange/
mkdir exchange/testdir1 && ls -l exchange/

This will provilde you with the necessary informations.

NFS Result:
1. The ACL's that were set with setfacl on a NON-NFS (!) mounted directory are shown correctly with "getfacl" in the shell and with e.g. "eiciel" in nautilus.
2. One cannot set ACLs with "setfacl" on a NFS mounted directory.
3. a) For both in shell and e.g. nautilus it is not possible to touch a file or make a directory.
   b) This is the case for root and the any user who should be able to do the job of a)

CIFS Result:
1. No ACLs seen at all. Not in shell nor in e.g. nautilus.
2. File creation: known bug - file groups get's extra execution bit.
3. Directory creation: OK

I blind tested the same on a updated SuSE 10.3 which works like expected.

Conclusion:
A I expected ACLs via NFS/SMB/CIFS are not usable for now.
And as mentioned in [3] above from a canonical emloyee there seems to be more issues than just comiling a new kernel.

Probably one has to test again the basic debian packages in testing/unstable.
I blind tested on a updated SuSE 10.3 in a virtual machine Works without problems.
We use SuSE 10.1 (ext3) at work without problems.

To come to an end: I am shure this will find a way into ubuntu some times - I hope soon ;)

Re-assigning to correct package.

All of the NFS ACL config options are now enabled for the arch flavours. They are not enabled for the custom binary flavours, e.g., rt, xen, and lpia.

Hi Tim,
wow I am really appreciate how reliable and fast you guys are working.
So there's my contribution from today, 12. Jan 2008.
This really make me happy ;) ;) ;)

I tested everything from scratch like in my bug decription above (common directory shared by different users that belong to a common group).

I updated my virtualbox hoary to the latest generic kernel and configured the system according to my initial bug posting above.
Problems:
cat /boot/config-2.6.24-3-generic | grep ACL
  [...]
  # CONFIG_NFSD_V3_ACL is not set
  # CONFIG_NFS_V3_ACL is not set

So I did the tests with the 2.6.24-"2", which is enabled.

========================
Prerequesites
========================
Remember to manually set
 /etc/exports -- /home/$exchangeUser localhost(rw)
 /etc/fstab -- Options for ext3: defaults,acl
and Reboot.

========================
1. Directory and file creation in the shell
========================
See attachment.
I am testing with the script "nfs_acl_test.sh".
1. Copy the script into "/home".
2. Run the script as root.
3. Then do "su testuser"
4. Run the script as testuser

NFS and ACL are fully working. (see attachment "shell_output")

========================
2. Do gnome/nautilus/eiciel do their job correct?
========================

Manually mount the NFS directory via
   mkdir /home/$USER/exchange
   mount -t nfs -o rw,defaults,acl localhost:/home/exchange/ /home/$USER/exchange/

Open nautilus and create empty folder and files.
Check properties dialog (Alt+Return).

NFS and ACL are fully working/visible.
All ACL settings are inherited like I would expect.

I'll keep an eye on the thing and let you know, if something changes.

Shell Output attached to above posting.

Can confirm, that with

   linux-image-2.6.24-4-generic (2.6.24-4.6)

on hoary/alpha3 NFS and ACL is working.
See testing log attached.

Additionally can confirm the following file/folder actions working properly on a nfs mounted directory

 - cp -av, mv
 - rsync -av --acls --delete (tested as root, seperate backup folder)
 - shell file and folder creation
 - nautilus file and folder creation, moving
 - all operations apply properly even when user changes

See testing log attached.

Is the same thing with cifs also possible?
And will it be with hardy possible?

I have tested it with 2.6.24-5 and I get no acls.

Hello Manuel, could you precise what exactly you did to use acl? Did you mount your ext3 partition in fstab with ACLs enabled (see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/173267/comments/1 above)?

Per a decision made by the Ubuntu Kernel Team, bugs will longer be assigned to the ubuntu-kernel-team in Launchpad as part of the bug triage process. The ubuntu-kernel-team is being unassigned from this bug report. Refer to https://wiki.ubuntu.com/KernelTeamBugPolicies for more information. Thanks.

This has not been fixed for NFSv4 yet. The nfs4-acl-tools mentioned in the original bug report are still not in Ubuntu (not in Hardy, not in later releases). Also, libacl doesn't include the NFS4 to POSIX ACL translation.

This means that on a NFS4 file system, there's still no possibility to see, set or change ACLs.

Should I reopen the bug?

Yes, please re-open the bug.

Ubuntu Kernel Team: Please support ALCs and (user_xattr?) in NFS and Samba... including the latest versions of those protocols (like v4).

Can someone confirm that ACLs with NFSv4 will work on lucid? As you can see here http://packages.ubuntu.com/de/lucid/nfs4-acl-tools the package nfs4-acl-tools is now in the universe repository for lucid.

Is there a chance this packages will be backported to karmic or an older release?