[gpfsug-discuss] replicating ACLs across GPFS's?

Aaron Knister aaron.s.knister at nasa.gov
Tue Sep 25 22:40:50 BST 2018


Just to clarify for myself, is it *all* ACLs that aren't being preserved 
or just NFS4 ACLs that aren't being preserved (e.g. POSIX ACLs work just 
fine). If it's just NFS4 ACLs, I suspect it might not be too hard to 
modify rsync based on the existing patches to translate the nfs4_getfacl 
output to a gpfs_acl_t struct and use gpfs_putacl to write it.

https://www.ibm.com/support/knowledgecenter/SSFKCN_4.1.0.4/com.ibm.cluster.gpfs.v4r104.gpfs100.doc/bl1adm_gpfs_acl_t.htm

Just bear in mind that, to the best of my knowledge, calls like 
gpfs_putacl can be vulnerable to symlink attacks.

-Aaron

On 9/25/18 1:22 PM, Bryan Banister wrote:
> Thanks Simon,
> 
> I tried out the older patched version of rsync to see if that would 
> work, but still not able to preserve ACLs from an non-GPFS source.  
> There was another thread about this on the user group some time ago as 
> well (2013!), but doesn’t look like any real solution was found (Copy 
> ACLs from outside sources 
> <http://www.spectrumscale.org/pipermail/gpfsug-discuss/2013-October/000284.html>).
> 
> I’ve also tried tar | tar, but not luck with that either.
> 
> GPFS doesn’t support the nfs4_getacl, nfs4_setfacl, nfs4_editfacl suite 
> of commands, but maybe that could be added??
> 
> I could maybe hack something up that would basically crawl the “outside 
> source” namespace, using the nfs4_getacl operation get the NFSv4 ACLs, 
> parse that output, then attempt to use GPFS `mmputacl` to store the ACL 
> again.  This seems like a horrible way to go, likely prone to mistakes, 
> tough to validate, nightmare to maintain.
> 
> Anybody got better ideas?
> 
> Thanks!
> 
> -Bryan
> 
> *From:* gpfsug-discuss-bounces at spectrumscale.org 
> <gpfsug-discuss-bounces at spectrumscale.org> *On Behalf Of *Simon Thompson
> *Sent:* Friday, September 14, 2018 8:37 AM
> *To:* gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> *Subject:* Re: [gpfsug-discuss] replicating ACLs across GPFS's?
> 
> [EXTERNAL EMAIL]
> 
> Oh I also heard a rumour of some sort of mmcopy type sample script, but 
> I can’t see it in samples on 5.0.1-2…
> 
> Simon
> 
> *From: *<gpfsug-discuss-bounces at spectrumscale.org 
> <mailto:gpfsug-discuss-bounces at spectrumscale.org>> on behalf of Simon 
> Thompson <S.J.Thompson at bham.ac.uk <mailto:S.J.Thompson at bham.ac.uk>>
> *Reply-To: *"gpfsug-discuss at spectrumscale.org 
> <mailto:gpfsug-discuss at spectrumscale.org>" 
> <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
> *Date: *Friday, 14 September 2018 at 09:41
> *To: *"gpfsug-discuss at spectrumscale.org 
> <mailto:gpfsug-discuss at spectrumscale.org>" 
> <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
> *Subject: *Re: [gpfsug-discuss] replicating ACLs across GPFS's?
> 
> Last time I built was still against 3.0.9, note there is also a PR in 
> there which fixes the bug with symlinks.
> 
> If anyone wants to rebase the patches against 3.1.3, I’ll happily take a 
> PR 😊
> 
> Simon
> 
> *From: *<gpfsug-discuss-bounces at spectrumscale.org 
> <mailto:gpfsug-discuss-bounces at spectrumscale.org>> on behalf of 
> "bbanister at jumptrading.com <mailto:bbanister at jumptrading.com>" 
> <bbanister at jumptrading.com <mailto:bbanister at jumptrading.com>>
> *Reply-To: *"gpfsug-discuss at spectrumscale.org 
> <mailto:gpfsug-discuss at spectrumscale.org>" 
> <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
> *Date: *Friday, 14 September 2018 at 00:33
> *To: *"gpfsug-discuss at spectrumscale.org 
> <mailto:gpfsug-discuss at spectrumscale.org>" 
> <gpfsug-discuss at spectrumscale.org <mailto:gpfsug-discuss at spectrumscale.org>>
> *Subject: *[gpfsug-discuss] replicating ACLs across GPFS's?
> 
> I’m checking in on this thread.  Is this patch still working for people 
> with the latest rsync releases?
> 
> https://github.com/gpfsug/gpfsug-tools/tree/master/bin/rsync
> 
> Thanks!
> 
> -Bryan
> 
> ------------------------------------------------------------------------
> 
> 
> Note: This email is for the confidential use of the named addressee(s) 
> only and may contain proprietary, confidential, or privileged 
> information and/or personal data. If you are not the intended recipient, 
> you are hereby notified that any review, dissemination, or copying of 
> this email is strictly prohibited, and requested to notify the sender 
> immediately and destroy this email and any attachments. Email 
> transmission cannot be guaranteed to be secure or error-free. The 
> Company, therefore, does not make any guarantees as to the completeness 
> or accuracy of this email or any attachments. This email is for 
> informational purposes only and does not constitute a recommendation, 
> offer, request, or solicitation of any kind to buy, sell, subscribe, 
> redeem, or perform any type of transaction of a financial product. 
> Personal data, as defined by applicable data privacy laws, contained in 
> this email may be processed by the Company, and any of its affiliated or 
> related companies, for potential ongoing compliance and/or 
> business-related purposes. You may have rights regarding your personal 
> data; for information on exercising these rights or the Company’s 
> treatment of personal data, please email datarequests at jumptrading.com 
> <mailto:datarequests at jumptrading.com>.
> 
> 
> ------------------------------------------------------------------------
> 
> Note: This email is for the confidential use of the named addressee(s) 
> only and may contain proprietary, confidential, or privileged 
> information and/or personal data. If you are not the intended recipient, 
> you are hereby notified that any review, dissemination, or copying of 
> this email is strictly prohibited, and requested to notify the sender 
> immediately and destroy this email and any attachments. Email 
> transmission cannot be guaranteed to be secure or error-free. The 
> Company, therefore, does not make any guarantees as to the completeness 
> or accuracy of this email or any attachments. This email is for 
> informational purposes only and does not constitute a recommendation, 
> offer, request, or solicitation of any kind to buy, sell, subscribe, 
> redeem, or perform any type of transaction of a financial product. 
> Personal data, as defined by applicable data privacy laws, contained in 
> this email may be processed by the Company, and any of its affiliated or 
> related companies, for potential ongoing compliance and/or 
> business-related purposes. You may have rights regarding your personal 
> data; for information on exercising these rights or the Company’s 
> treatment of personal data, please email datarequests at jumptrading.com.
> 
> 
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
> 

-- 
Aaron Knister
NASA Center for Climate Simulation (Code 606.2)
Goddard Space Flight Center
(301) 286-2776



More information about the gpfsug-discuss mailing list