Migrating from NFSv3 to v4 - NFSv4 ACL/permission confusion

Joe Auty joe at netmusician.org
Mon Dec 6 22:41:28 UTC 2010 

Rick Macklem wrote:
>> Hello,
>>
>> This is possibly a more fundamental non-FreeBSD specific set of
>> questions, but ultimately this is relevant to usage on FreeBSD, so...
>>
>> I'm fairly certain that NFSv4 is supported under Solaris 10/ZFS and
>> FreeBSD/ZFS via the standard "share" binary or the sharenfs ZFS
>> property, right?
>>
>> In mounting an NFS share on my FreeBSD test machine via the following:
>>
>> mount -t nfs -o rw,nfsv4 ipaddress:/share /path/to/share/directory
>>
>> I'm unable to change the permissions of any of these files via a
>> standard chmod on the client (FreeBSD) side. What are NFSv4 ACLs, and
>> is
>> this in any way relevant to my problem here? Do ACLs need to be set in
>> order to use a volume like I can an NFSv3 volume, which works just
>> fine
>> for me?
>>
> It might be worth capturing packets "tcpdump -s 0 -w xxx host <server>"
> while trying a "chmod" and seeing what goes over the wire. You can look
> at it via wireshark or email me "xxx" and I can take a look.
>
> I don't know anything about ZFS, but you could try getfacl/setfacl on the
> client and see what happens?
>
> Edward Napierala (trasz at freebsd.org) did commit a recent change w.r.t.
> NFSv4 ACLs and I remember the discussion saying something like "after
> this change, chmod no longer does anything once ACLs are enabled, but I
> have no idea if it is relevant.
>
> Also, make sure "ls -l" is not reporting "nobody". If the user/group
> name mapping isn't working, most Setattr Ops will fail.
>

Okay,

Here is my dump command... The NFS host is 192.168.0.20:

# tcpdump -s 0 -w dumpfile.txt host 192.168.0.20
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size
65535 bytes


In NFS mount:

# ls -l
total 2
-rw-r--r--  1 root  wheel  0 Dec  4 23:19 blah
-rw-r--r--  1 root  wheel  0 Dec  4 23:19 test2
-rw-r--r--  1 root  wheel  0 Dec  4 23:19 test3

# chown joe blah

(no response)

"joe" is indeed a local user on the NFS client side.

This is not generating any tcpdump output though.

# ls -l
total 2
-rw-r--r--  1 root  wheel  0 Dec  4 23:19 blah
-rw-r--r--  1 root  wheel  0 Dec  4 23:19 test2
-rw-r--r--  1 root  wheel  0 Dec  4 23:19 test3

No actual permission change


I created these files as root, so that much is being recognized...





> rick
>


-- 
Joe Auty, NetMusician
NetMusician helps musicians, bands and artists create beautiful,
professional, custom designed, career-essential websites that are easy
to maintain and to integrate with popular social networks.
www.netmusician.org <http://www.netmusician.org>
joe at netmusician.org <mailto:joe at netmusician.org>

More information about the freebsd-fs mailing list