[gpfsug-discuss] replicating ACLs across GPFS's?

Jonathan Buzzard jonathan.buzzard at strath.ac.uk
Wed Sep 26 18:13:41 BST 2018 

On Tue, 2018-09-25 at 17:22 +0000, Bryan Banister wrote:
> Thanks Simon,
>  
> I tried out the older patched version of rsync to see if that would
> work, but still not able to preserve ACLs from an non-GPFS source. 
> There was another thread about this on the user group some time ago
> as well (2013!), but doesn’t look like any real solution was found
> (Copy ACLs from outside sources).
>  
> I’ve also tried tar | tar, but not luck with that either.
>  
> GPFS doesn’t support the nfs4_getacl, nfs4_setfacl, nfs4_editfacl
> suite of commands, but maybe that coulnfs4_acl_for_path.d be added??
>  

Well no they work completely differently. However I did write about
this last month. You can do this by modifying just nfs4_acl_for_path.c
and nfs4_set_acl.c so they read/write the GPFS ACL struct and convert
between the GPFS representation and the internal data structure used by
the nfs4-acl-tools to hold NFSv4 ACL's. I have it working for
nfs4_getacl. Though this in of itself gets nothing over mmgetacl, other
than proving the concept valid. I don't have a test GPFS cluster these
days so I need to tread very lightly.

However I had some questions that I was hoping someone from IBM might
answer but didn't and have been busy since. Namely

 1. What's the purpose of a special flag to indicate that it is smbd
    setting the ACL? Does this tie in with the undocumented "mmchfs -k
    samba" feature?

 2. There is a whole bunch of stuff in the documentation about v4.1
    ACL's. How does one trigger that. All I seem to be able to do is 
    get POSIX and v4 ACL's. Do you get v4.1 ACL's if you set the file
    system to "Samba" ACL's?

> I could maybe hack something up that would basically crawl the
> “outside source” namespace, using the nfs4_getacl operation get the
> NFSv4 ACLs, parse that output, then attempt to use GPFS `mmputacl` to
> store the ACL again.  This seems like a horrible way to go, likely
> prone to mistakes, tough to validate, nightmare to maintain.
>  

I have said it before and will say it again,  mmputacl is an
abomination that needs to be put down with extreme prejudice.

I still think that longer term it would be better to modify FreeBSD's
setfacl/getfacl (say renamed to mmsetfacl and mmgetfacl) to do the job,
on the basis that they handle both POSIX and NFSv4 ACL's in a 
single command. Though strictly speaking you only need an mmsetfacl.

Perhaps a RFE?

JAB.

-- 
Jonathan A. Buzzard                         Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG

More information about the gpfsug-discuss mailing list