[gpfsug-discuss] replicating ACLs across GPFS's?

Simon Thompson S.J.Thompson at bham.ac.uk
Wed Sep 26 18:40:26 BST 2018 

Don't forget we have the upcoming pitch you RFE online meeting.

RFEs have not been flooding in and registrations for the pitch meeting are rather thin on the ground...

Simon
________________________________________
From: gpfsug-discuss-bounces at spectrumscale.org [gpfsug-discuss-bounces at spectrumscale.org] on behalf of Jonathan Buzzard [jonathan.buzzard at strath.ac.uk]
Sent: 26 September 2018 18:13
To: gpfsug main discussion list
Subject: Re: [gpfsug-discuss] replicating ACLs across GPFS's?

On Tue, 2018-09-25 at 17:22 +0000, Bryan Banister wrote:
> Thanks Simon,
>
> I tried out the older patched version of rsync to see if that would
> work, but still not able to preserve ACLs from an non-GPFS source.
> There was another thread about this on the user group some time ago
> as well (2013!), but doesn’t look like any real solution was found
> (Copy ACLs from outside sources).
>
> I’ve also tried tar | tar, but not luck with that either.
>
> GPFS doesn’t support the nfs4_getacl, nfs4_setfacl, nfs4_editfacl
> suite of commands, but maybe that coulnfs4_acl_for_path.d be added??
>

Well no they work completely differently. However I did write about
this last month. You can do this by modifying just nfs4_acl_for_path.c
and nfs4_set_acl.c so they read/write the GPFS ACL struct and convert
between the GPFS representation and the internal data structure used by
the nfs4-acl-tools to hold NFSv4 ACL's. I have it working for
nfs4_getacl. Though this in of itself gets nothing over mmgetacl, other
than proving the concept valid. I don't have a test GPFS cluster these
days so I need to tread very lightly.

However I had some questions that I was hoping someone from IBM might
answer but didn't and have been busy since. Namely

 1. What's the purpose of a special flag to indicate that it is smbd
    setting the ACL? Does this tie in with the undocumented "mmchfs -k
    samba" feature?

 2. There is a whole bunch of stuff in the documentation about v4.1
    ACL's. How does one trigger that. All I seem to be able to do is
    get POSIX and v4 ACL's. Do you get v4.1 ACL's if you set the file
    system to "Samba" ACL's?

> I could maybe hack something up that would basically crawl the
> “outside source” namespace, using the nfs4_getacl operation get the
> NFSv4 ACLs, parse that output, then attempt to use GPFS `mmputacl` to
> store the ACL again.  This seems like a horrible way to go, likely
> prone to mistakes, tough to validate, nightmare to maintain.
>

I have said it before and will say it again,  mmputacl is an
abomination that needs to be put down with extreme prejudice.

I still think that longer term it would be better to modify FreeBSD's
setfacl/getfacl (say renamed to mmsetfacl and mmgetfacl) to do the job,
on the basis that they handle both POSIX and NFSv4 ACL's in a
single command. Though strictly speaking you only need an mmsetfacl.

Perhaps a RFE?

JAB.

--
Jonathan A. Buzzard                         Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG


_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss

More information about the gpfsug-discuss mailing list