[gpfsug-discuss] default owner and group for POSIX ACLs
Jonathan Buzzard
jonathan.buzzard at strath.ac.uk
Tue Oct 15 21:34:34 BST 2019
On 15/10/2019 17:15, Paul Ward wrote:
[SNIP]
>> ...I am not sure why you need POSIX ACL's if you are running Linux...
> From what I have recently read...
> https://www.ibm.com/support/knowledgecenter/en/STXKQY_4.2.0/com.ibm.spectrum.scale.v4r2.adm.doc/bl1adm_admnfsaclg.htm
> "Linux does not allow a file system to be NFS V4 exported unless it supports POSIX ACLs."
>
Only if you are using the inbuilt kernel NFS server, which IMHO is awful
from a management perspective. That is you have zero visibility into
what the hell it is doing when it all goes pear shaped unless you break
out dtrace. I am not sure that using dtrace on a production service to
find out what is going on is "best practice". It also in my experience
stops you cleanly shutting down most of the time. The sooner it gets
removed from the kernel the better IMHO.
If you are using protocol nodes which is the only supported option as
far as I am aware then that does not apply. I would imagined if you are
rolling your own Ganesha NFS server it won't matter either.
Checking the code of the FSAL in Ganesha shows functions for converting
between GPFS ACL's and the ACL format as used by Ganesha. My
understanding was one of the drivers for using Ganesha as an NFS server
with GPFS was you can write a FSAL to do just that, in the same way as
on Samba you load the vfs_gpfs module, unless you are into self
flagellation I guess.
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
More information about the gpfsug-discuss
mailing list