Dokumentace systému SUSE Linux Enterprise Server › Storage Administration Guide › Managing Access Control Lists over NFSv4
ContentsContents
Storage Administration Guide
  1. About This Guide
  2. 1 Overview of File Systems in Linux
  3. 2 What’s New for Storage in SLES 11
  4. 3 Planning a Storage Solution
  5. 4 LVM Configuration
  6. 5 Resizing File Systems
  7. 6 Using UUIDs to Mount Devices
  8. 7 Managing Multipath I/O for Devices
  9. 8 Software RAID Configuration
  10. 9 Configuring Software RAID1 for the Root Partition
  11. 10 Managing Software RAIDs 6 and 10 with mdadm
  12. 11 Resizing Software RAID Arrays with mdadm
  13. 12 Storage Enclosure LED Utilities for MD Software RAIDs
  14. 13 iSNS for Linux
  15. 14 Mass Storage over IP Networks: iSCSI
  16. 15 Mass Storage over IP Networks: iSCSI LIO Target Server
  17. 16 Fibre Channel Storage over Ethernet Networks: FCoE
  18. 17 LVM Volume Snapshots
  19. 18 Managing Access Control Lists over NFSv4
  20. 19 Troubleshooting Storage Issues
  21. A GNU Licenses
  22. B Documentation Updates
Navigation
Dokumentace systému SUSE Linux Enterprise Server › Storage Administration Guide › Managing Access Control Lists over NFSv4
Top
Applies to SUSE Linux Enterprise Server 12

18 Managing Access Control Lists over NFSv4

There is no single standard for Access Control Lists (ACLs) in Linux beyond the simple user-group-others read, write, and execute (rwx) flags. One option for finer control are the Draft POSIX ACLs, which were never formally standardised by POSIX. Another is the NFSv4 ACLs, which were designed to be part of the NFSv4 network file system with the goal of making something that provided reasonable compatibility between POSIX systems on Linux and WIN32 systems on Microsoft Windows.

NFSv4 ACLs are not sufficient to correctly implement Draft POSIX ACLs so no attempt has been made to map ACL accesses on an NFSv4 client (such as using setfacl).

When using NFSv4, Draft POSIX ACLs cannot be used even in emulation and NFSv4 ACLs need to be used directly; i.e., while setfacl can work on NFSv3, it cannot work on NFSv4.+To allow NFSv4 ACLs to be used on an NFSv4 file system, SUSE Linux Enterprise Server provides the nfs4-acl-tools package which contains the following:

  • nfs4-getfacl

  • nfs4-setfacl

  • nfs4-editacl

These operate in a generally similar way to getfacl and setfacl for examining and modifying NFSv4 ACLs.These commands are effective only if the file system on the NFS server provides full support for NFSv4 ACLs. Any limitation imposed by the server will affect programs running on the client in that some particular combinations of Access Control Entries (ACEs) might not be possible.

It is not supported to mount NFS volumes locally on the exporting NFS server.

Additional Information

For information, see Introduction to NFSv4 ACLs on the Linux-nfs.org Web site (http://wiki.linux-nfs.org/wiki/index.php/ACLs#Introduction_to_NFSv4_ACLs).

Chapter 19 Troubleshooting Storage IssuesChapter 17 LVM Volume Snapshots
Print this page

© 2017 SUSE