Mixing fBSD 4 and 5 - NFS ACL's
Matthew Seaman
m.seaman at infracaninophile.co.uk
Mon Oct 11 03:10:33 PDT 2004
On Mon, Oct 11, 2004 at 10:45:07AM +0100, Jamie Heckford wrote:
> I need to use the new ACL feature on one of our servers..... However the
> data doesn't reside on the server that its being served from it is
> mounted via NFS.
>
> Im guessing I will need to install fBSD5 on the two servers I want to
> use ACL on, but will the other fBSD4 servers still be able to use NFS ok
> (they don't need to use ACL)??
>
> Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and
> also, how stable is / does ACL even work between to fBSD5 machines using
> NFS?
See
http://lists.freebsd.org/pipermail/freebsd-current/2004-October/039747.html
under the 'Desired Features for 5.3-RELEASE' section:
| | | | Currently, MAC |
| | | | protections are |
| | | | enforced only on |
| | | | locally originated |
| | | | file system |
| | | | operations (VOPs), |
| | | | and not on RPCs |
| | | | generated via the |
| | | | NFS server. |
| MAC support for | | | Improvements in NFS |
| NFS Server | Not done | Robert Watson | server credential |
| | | | handling are |
| | | | required to correct |
| | | | this problem, as |
| | | | well as the |
| | | | introduction of new |
| | | | entry points to |
| | | | properly label NFS |
| | | | credentials and |
| | | | perform enforcement |
| | | | properly. |
So the only possibility for ACL support over NFS is going to be a 5.x
release, but seeing as it hasn't been included yet, probably not
5.3-RELEASE.
One possible route around that would be to use GEOM Gate -- that's a
system rather like iSCSI or Linux's DRDB, where the server exports a
disk device, rather than a filesystem. This is a standard part of 5.x
now, and will be in 5.3-RELEASE, but it's still very new, so test
carefully before putting it onto important servers.
See:
http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html
http://www.freebsd.org/cgi/man.cgi?query=ggatec&apropos=0&sektion=0&manpath=FreeBSD+6.0-current&format=html
http://www.freebsd.org/cgi/man.cgi?query=ggated&apropos=0&sektion=0&manpath=FreeBSD+6.0-current&format=html
http://www.freebsd.org/cgi/man.cgi?query=ggatel&apropos=0&sektion=0&manpath=FreeBSD+6.0-current&format=html
A FreeBSD 4.x machine should quite happily use a 5.x machine as a NFS
server. FreeBSD 4.x has no support for GEOM Gate though.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20041011/e04298ff/attachment.bin
More information about the freebsd-questions
mailing list