[gpfsug-discuss] Enforce ACLs
Mathias Dietz
MDIETZ at de.ibm.com
Wed May 15 12:14:40 BST 2019
Jonathan is mostly right, except that the option is not in mmlsconfig but
part of the filesystem configuration (mmlsfs, mmchfs):
# mmlsfs objfs -k
flag                value                    description
------------------- ------------------------ -----------------------------------
 -k                 nfs4                     ACL semantics in effect
Kind regards
Mathias Dietz
Spectrum Scale Development - Release Lead Architect (4.2.x)
Spectrum Scale RAS Architect
---------------------------------------------------------------------------
IBM Deutschland
Am Weiher 24
65451 Kelsterbach
Phone: +49 70342744105
Mobile: +49-15152801035
E-Mail: mdietz at de.ibm.com
From: "Fosburgh,Jonathan" <jfosburg at mdanderson.org>
To: "gpfsug-discuss at spectrumscale.org"
<gpfsug-discuss at spectrumscale.org>
Date: 15/05/2019 12:52
Subject: Re: [gpfsug-discuss] Enforce ACLs
Sent by: gpfsug-discuss-bounces at spectrumscale.org
I'm not 100% sure this is what it is, but it is most likely your ACL
config. If you have to use the nfsv4 ACLs, check in mmlsconfig to make
sure you are only using nfsv4 ACLs. I think the options are posix, nfsv4,
and both. I would guess you are set to both.
--
Jonathan Fosburgh
Principal Application Systems Analyst
IT Operations Storage Team
The University of Texas MD Anderson Cancer Center
(713) 745-9346
From: gpfsug-discuss-bounces at spectrumscale.org
<gpfsug-discuss-bounces at spectrumscale.org> on behalf of Rehs, Philipp Helo
<Philipp.Rehs at uni-duesseldorf.de>
Sent: Wednesday, May 15, 2019 3:48:19 AM
To: gpfsug-discuss at spectrumscale.org
Subject: [EXT] [gpfsug-discuss] Enforce ACLs
Hello,
we are using GPFS 4.2.3 and at the moment we are looking into ACLs and
inheritance.
I have the following ACLs on a directory:
#NFSv4 ACL
#owner:root
#group:root
special:owner@:rwxc:allow:FileInherit:DirInherit
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (X)DELETE_CHILD (X)CHOWN        (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:group@:r-x-:allow:FileInherit:DirInherit
 (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:everyone@:----:allow:FileInherit:DirInherit
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

user:userABC:rwx-:allow:FileInherit:DirInherit
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
Then the user creates a new folder in this directory and it does not
get the same ACL but normal Unix permissions.
Is there any way to enforce the new permissions from the parent?
Kind regards
Philipp
--
Heinrich-Heine-Universität Düsseldorf
Zentrum für Informations- und Medientechnologie
Kompetenzzentrum für wissenschaftliches Rechnen und Speichern
Universitätsstraße 1
Building 25.41
Room 00.51
Phone: +49-211-81-15557
Mail: Philipp.Rehs at uni-duesseldorf.de
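
Added example, not part of the original thread or of any IBM tooling: a small Python helper that reads the two text outputs discussed above, returning the -k value from mmlsfs output and listing ACL entries in the NFSv4 text form shown in the question that lack the DirInherit flag. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample: `mmlsfs <fs> -k` output in the layout quoted in the thread.
MMLSFS_SAMPLE = """\
flag                value                    description
------------------- ------------------------ -----------------------------------
 -k                 nfs4                     ACL semantics in effect
"""

# Constructed sample in the NFSv4 ACL text form from the question; the second
# entry deliberately carries no inheritance flags.
ACL_SAMPLE = """\
#NFSv4 ACL
#owner:root
#group:root
special:owner@:rwxc:allow:FileInherit:DirInherit
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE
user:userABC:rwx-:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE
"""

# Entry header: type:name:mode:allow|deny followed by optional :Flag fields.
ACE_RE = re.compile(
    r"^(special|user|group):([^:]+):([rwxc-]{4}):(allow|deny)((?::\w+)*)$")

def acl_semantics(mmlsfs_output):
    """Return the value column of the -k row, or None if the row is absent."""
    for line in mmlsfs_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "-k":
            return fields[1]
    return None

def parse_aces(acl_text):
    """Return one dict per entry header; comment and permission-detail lines are skipped."""
    aces = []
    for line in acl_text.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            kind, who, mode, verdict, flags = m.groups()
            aces.append({"who": f"{kind}:{who}", "mode": mode, "type": verdict,
                         "flags": set(flags.split(":")) - {""}})
    return aces

def not_inherited_by_subdirs(aces):
    """Names of entries without DirInherit, i.e. not marked for new subdirectories."""
    return [a["who"] for a in aces if "DirInherit" not in a["flags"]]
```
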