Kernel ACL support for NFS/CIFS in 8.04?
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
First: in my opinion this is NOT a duplicate of Bug #67175, because it affects the NEXT long term supported ubuntu. It is both, a bug for the former 6.06 LTS, the actual gutsy and a wishlist/bug for hardy (8.04 LTS).
It affects both the lacking NFSv3/v4 and the SMB(2)/CIFS network file system support for ACL's of the ubuntu kernel and user tools. E.g. accordingly patched get/setfacl, lacking of nfs4-acl-tools (see [3]) and not compiled NFSv3 ACL support in the generic kernel.
I am not a kernel developer but I cannot understand where the problem is, if major distributions (redhat/suse) seem to support nfs/cifs with acl out of the box - for about 2 years now (2005), right when ACL support came for SMB (see [4] page 133). So the kernel support must be mature and the user tools exist.
I consider this as a BUG concerning the "ubuntu linux kernel" flavour and "user tools" and cannot find any comment/roadmap from official side (canonical) - except [3] - on giving a solution to both client and server's side.
I also asked for an answer here at lauchpad with Question #18907 (see links below [1]) and Bug #173324 (Will nfs4-acl-tools be in 8.04? - [update] converted into Question #19120 see [7]). Please refer this for additional information.
Conclusion:
1. With 8.04 LTS in mind there should be a clear statement concerning NFS/SMB(2)/CIFS + ACL support in the kernel, so customers could decide - and ubuntu would like to address customers wishes, do they ;) One should not be forced to recompile the kernel and loose support.
2. One also has to check/assure, that gnome, kde and xfce file managers are supporting mounted directories via nfs/smb/cifs and handle acl's properly.
Sincerely yours Axel
Links:
[1] Question #18907 (https:/
[2] Ubuntu Forum - NFS problem (http://
[3] Ubuntu forum - NFS server not presenting ACLs (http://
[4] PDF: Proceedings of the Linux Symposium 6-2007 - A New Network File System is Born: Comparison of SMB2, CIFS, and NFS (https:/
[5] PDF: Novell 5/2005 - Linux, Samba and ACLs: past, present, and future (http://
[6] PDF: NAS Conference 2005 - NFSv4 Co-existence with CIFS in a Multi-protocol Environment (http://
[7] Question #19120 (https:/
>> [4] gives a very excellent and detailed view of the actual state in NFS/SMB(2)/CIFS linux development.
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in linux: | |
assignee: | nobody → ubuntu-kernel-team |
importance: | Wishlist → Medium |
status: | New → Triaged |
I know this is a very special theme for debian/ubuntu. And I like to do my part ;) scripts to test it by yourself very quickly.
So I spent a few afternoon's to verify again what I used to know. But you can use the following informations/
So I went and compiled a custom kernel (using the standard ubuntu 2.6.22 sources) with
cat /boot/config- 2.6.22. 7-nfs-with- acl | grep ACL EXT3_FS_ POSIX_ACL= y NFS_V3_ ACL=y NFSD_V2_ ACL=y NFSD_V3_ ACL=y NFS_ACL_ SUPPORT= m
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
I restarted the system.
Configuration: acl,user_ xattr" subtree_ check).
1. The EXT3 directory is mounted with "defaults,
2. The NFS directory "/home/exchange" is exported with (rw,no_
3. The NFS dir is mounted with "-t nfs -o rw,defaults,acl".
4. Same for SAMBA (hope this is correct, cause I don't use Samba in this context).
5. Create a user and group "exchange" and add yourself to the group.
[exchange]
path = /home/exchange
writable = yes
create mask = 0660
directory mask = 0770
profile acls = yes
inherit acls = yes
available = yes
browsable = yes
public = yes
CHMOD, CHOWN, ACL settings
See attached change_rights.sh. Copy the script into "/home/."
1. The directories get an "exchange" group, that every user is part of.
2. The directories have "g+s", so subdirs inherit the ability for members of "exchange" group to join.
3. Only the following ACL for directories is set, so new files will be created "g+rw":
setfacl -d -m mask: -d -m mask:006
TESTS: /home/exchange /home/a_ user/exchange user,password= a_password //localhost/ exchange /home/a_ user/exchange
mount -t nfs -o acl,defaults,rw localhost:
OR (!) mount -t cifs -o user=a_
cd /home
sh change_rights.sh && getfacl exchange && ls -l exchange/
touch exchange/testfile1 && ls -l exchange/
mkdir exchange/testdir1 && ls -l exchange/
This will provilde you with the necessary informations.
NFS Result:
1. The ACL's that were set with setfacl on a NON-NFS (!) mounted directory are shown correctly with "getfacl" in the shell and with e.g. "eiciel" in nautilus.
2. One cannot set ACLs with "setfacl" on a NFS mounted directory.
3. a) For both in shell and e.g. nautilus it is not possible to touch a file or make a directory.
b) This is the case for root and the any user who should be able to do the job of a)
CIFS Result:
1. No ACLs seen at all. Not in shell nor in e.g. nautilus.
2. File creation: known bug - file groups get's extra execution bit.
3. Directory creation: OK
I blind tested the same on a updated SuSE 10.3 which works like expected.
Conclusion:
A I expected ACLs via NFS/SMB/CIFS are not usable for now.
And as mentioned in [3] above from a canonical emloyee there seems to be more issues than just comiling a new kernel.
Probably one has to test again the basic debian packages in testing/unstable.
I blind tested on a updated SuSE 10.3 in a virtual machine Works without problems.
We use SuSE 10.1 (ext3) at work without problems.
To come to an end: I am shure this will find a way into ubuntu some times - I hope soon ;)