[gpfsug-discuss] NFS4 ACLs and umask on GPFS

IBM Spectrum Scale scale at us.ibm.com
Tue Aug 8 20:28:31 BST 2017


Yes, that is the intended behavior.  As in the section on traditional ACLs
that you found, the intent is that if there is a default/inherited ACL, the
object is created with that (and if there is no default/inherited ACL, then
the mode and umask are the basis for the initial set of permissions).

Regards, The Spectrum Scale (GPFS) team

------------------------------------------------------------------------------------------------------------------

If you feel that your question can benefit other users of  Spectrum Scale
(GPFS), then please post it to the public IBM developerWroks Forum at
https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479.


If your query concerns a potential software error in Spectrum Scale (GPFS)
and you have an IBM software maintenance contract please contact
1-800-237-5511 in the United States or your local IBM Service Center in
other countries.

The forum is informally monitored as time permits and should not be used
for priority messages to the Spectrum Scale (GPFS) team.



From:	"Dietrich, Stefan" <stefan.dietrich at desy.de>
To:	gpfsug-discuss at spectrumscale.org
Date:	08/08/2017 12:17 PM
Subject:	[gpfsug-discuss] NFS4 ACLs and umask on GPFS
Sent by:	gpfsug-discuss-bounces at spectrumscale.org



Hello,

I am currently trying to understand an issue with ACLs and how GPFS handles
the umask.
The filesystem is configured for NFS4 ACLs only (-k nfs4), filesets have
been configured for chmodAndUpdateACL and the access is through a native
GPFS client (v4.2.3).

If I create a new file in a directory, which has an ACE with inheritance,
the configured umask on the shell is completely ignored.
The new file only contains ACEs from the inherited ACL.
As soon as the ACE with inheritance is removed, newly created files receive
the correct configured umask.
Obvious downside, no ACLs anymore :(

Additionally, it looks like that the specified mode bits for an open call
are ignored as well.
E.g. with an strace I see, that the open call includes the correct mode
bits. However, the new file only has inherited ACEs.

According to the NFSv4 RFC, the behavior is more or less undefined, only
with NFSv4.2 umask will be added to the protocol.
For GPFS, I found a section in the traditional ACL administration section,
but nothing in the NFS4 ACL section of the docs.

Is my current observation the intended behavior of GPFS?

Regards,
Stefan

--
------------------------------------------------------------------------
Stefan Dietrich            Deutsches Elektronen-Synchrotron (IT-Systems)
                        Ein Forschungszentrum der Helmholtz-Gemeinschaft
                                                            Notkestr. 85
phone:  +49-40-8998-4696                                   22607 Hamburg
e-mail: stefan.dietrich at desy.de                                  Germany
------------------------------------------------------------------------
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170808/6cbab1a7/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170808/6cbab1a7/attachment-0002.gif>


More information about the gpfsug-discuss mailing list