[gpfsug-discuss] replicating ACLs across GPFS's?
Aaron Knister
aaron.s.knister at nasa.gov
Tue Sep 25 22:40:50 BST 2018
Just to clarify for myself, is it *all* ACLs that aren't being preserved
or just NFS4 ACLs that aren't being preserved (e.g. POSIX ACLs work just
fine). If it's just NFS4 ACLs, I suspect it might not be too hard to
modify rsync based on the existing patches to translate the nfs4_getfacl
output to a gpfs_acl_t struct and use gpfs_putacl to write it.
https://www.ibm.com/support/knowledgecenter/SSFKCN_4.1.0.4/com.ibm.cluster.gpfs.v4r104.gpfs100.doc/bl1adm_gpfs_acl_t.htm
Just bear in mind that, to the best of my knowledge, calls like
gpfs_putacl can be vulnerable to symlink attacks.
-Aaron
On 9/25/18 1:22 PM, Bryan Banister wrote:
> Thanks Simon,
>
> I tried out the older patched version of rsync to see if that would
> work, but still not able to preserve ACLs from an non-GPFS source.
> There was another thread about this on the user group some time ago as
> well (2013!), but doesn’t look like any real solution was found (Copy
> ACLs from outside sources
> <http://www.spectrumscale.org/pipermail/gpfsug-discuss/2013-October/000284.html>).
>
> I’ve also tried tar | tar, but not luck with that either.
>
> GPFS doesn’t support the nfs4_getacl, nfs4_setfacl, nfs4_editfacl suite
> of commands, but maybe that could be added??
>
> I could maybe hack something up that would basically crawl the “outside
> source” namespace, using the nfs4_getacl operation get the NFSv4 ACLs,
> parse that output, then attempt to use GPFS `mmputacl` to store the ACL
> again. This seems like a horrible way to go, likely prone to mistakes,
> tough to validate, nightmare to maintain.
>
> Anybody got better ideas?
>
> Thanks!
>
> -Bryan
>
> *From:* gpfsug-discuss-bounces at spectrumscale.org
> <gpfsug-discuss-bounces at spectrumscale.org> *On Behalf Of *Simon Thompson
> *Sent:* Friday, September 14, 2018 8:37 AM
> *To:* gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> *Subject:* Re: [gpfsug-discuss] replicating ACLs across GPFS's?
>
> [EXTERNAL EMAIL]
>
> Oh I also heard a rumour of some sort of mmcopy type sample script, but
> I can’t see it in samples on 5.0.1-2…
>
> Simon
>
> *From: *<gpfsug-discuss-bounces at spectrumscale.org
> <mailto:gpfsug-discuss-bounces at spectrumscale.org>> on behalf of Simon
> Thompson <S.J.Thompson at bham.ac.uk <mailto:S.J.Thompson at bham.ac.uk>>
> *Reply-To: *"gpfsug-discuss at spectrumscale.org
> <mailto:gpfsug-discuss at spectrumscale.org>"
> <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
> *Date: *Friday, 14 September 2018 at 09:41
> *To: *"gpfsug-discuss at spectrumscale.org
> <mailto:gpfsug-discuss at spectrumscale.org>"
> <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
> *Subject: *Re: [gpfsug-discuss] replicating ACLs across GPFS's?
>
> Last time I built was still against 3.0.9, note there is also a PR in
> there which fixes the bug with symlinks.
>
> If anyone wants to rebase the patches against 3.1.3, I’ll happily take a
> PR 😊
>
> Simon
>
> *From: *<gpfsug-discuss-bounces at spectrumscale.org
> <mailto:gpfsug-discuss-bounces at spectrumscale.org>> on behalf of
> "bbanister at jumptrading.com <mailto:bbanister at jumptrading.com>"
> <bbanister at jumptrading.com <mailto:bbanister at jumptrading.com>>
> *Reply-To: *"gpfsug-discuss at spectrumscale.org
> <mailto:gpfsug-discuss at spectrumscale.org>"
> <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
> *Date: *Friday, 14 September 2018 at 00:33
> *To: *"gpfsug-discuss at spectrumscale.org
> <mailto:gpfsug-discuss at spectrumscale.org>"
> <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
> *Subject: *[gpfsug-discuss] replicating ACLs across GPFS's?
>
> I’m checking in on this thread. Is this patch still working for people
> with the latest rsync releases?
>
> https://github.com/gpfsug/gpfsug-tools/tree/master/bin/rsync
>
> Thanks!
>
> -Bryan
>
> ------------------------------------------------------------------------
>
>
> Note: This email is for the confidential use of the named addressee(s)
> only and may contain proprietary, confidential, or privileged
> information and/or personal data. If you are not the intended recipient,
> you are hereby notified that any review, dissemination, or copying of
> this email is strictly prohibited, and requested to notify the sender
> immediately and destroy this email and any attachments. Email
> transmission cannot be guaranteed to be secure or error-free. The
> Company, therefore, does not make any guarantees as to the completeness
> or accuracy of this email or any attachments. This email is for
> informational purposes only and does not constitute a recommendation,
> offer, request, or solicitation of any kind to buy, sell, subscribe,
> redeem, or perform any type of transaction of a financial product.
> Personal data, as defined by applicable data privacy laws, contained in
> this email may be processed by the Company, and any of its affiliated or
> related companies, for potential ongoing compliance and/or
> business-related purposes. You may have rights regarding your personal
> data; for information on exercising these rights or the Company’s
> treatment of personal data, please email datarequests at jumptrading.com
> <mailto:datarequests at jumptrading.com>.
>
>
> ------------------------------------------------------------------------
>
> Note: This email is for the confidential use of the named addressee(s)
> only and may contain proprietary, confidential, or privileged
> information and/or personal data. If you are not the intended recipient,
> you are hereby notified that any review, dissemination, or copying of
> this email is strictly prohibited, and requested to notify the sender
> immediately and destroy this email and any attachments. Email
> transmission cannot be guaranteed to be secure or error-free. The
> Company, therefore, does not make any guarantees as to the completeness
> or accuracy of this email or any attachments. This email is for
> informational purposes only and does not constitute a recommendation,
> offer, request, or solicitation of any kind to buy, sell, subscribe,
> redeem, or perform any type of transaction of a financial product.
> Personal data, as defined by applicable data privacy laws, contained in
> this email may be processed by the Company, and any of its affiliated or
> related companies, for potential ongoing compliance and/or
> business-related purposes. You may have rights regarding your personal
> data; for information on exercising these rights or the Company’s
> treatment of personal data, please email datarequests at jumptrading.com.
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
--
Aaron Knister
NASA Center for Climate Simulation (Code 606.2)
Goddard Space Flight Center
(301) 286-2776
More information about the gpfsug-discuss
mailing list