epretorious
Hi:
I use two different computers with a different username & userid on each (epretorious=6021 on one computer and eric=10001 on the other) and I'm trying to share a single directory between the two different user accounts on the two different Linux hosts using NFS: so I...
- created two different FreeNAS user accounts (eric & epretorious) with the userids from each of the two computers (10001 & 6021),
- added both accounts to my family group (pretorious),
- set up one NFS share on my volume (/mnt/vol0) with two directories (eric & pretorious),
- created a link from one to the other (epretorious -> eric), and
- set up ACLs to allow the group pretorious to rwx both directories (eric & pretorious).
Code:
[epretorious@freenas /mnt/vol0]$ id eric
uid=10001(eric) gid=10001(eric) groups=10001(eric),10000(pretorious)
[epretorious@freenas /mnt/vol0]$ id epretorious
uid=6021(epretorious) gid=6021(epretorious) groups=6021(epretorious),10000(pretorious)
freenas# cd /mnt/vol0/
freenas# ls -al
total 18
drwxr-xr-x 6 root wheel 512 Aug 4 23:34 .
drwxr-xr-x 4 root 1000 512 Aug 4 23:11 ..
drwxrwxr-x 2 root operator 512 Aug 4 23:11 .snap
lrwxr-xr-x 1 root wheel 4 Aug 4 23:29 epretorious -> eric
drwxrwxr-x+ 3 eric eric 512 Aug 5 00:22 eric
drwxrwxr-x+ 2 root wheel 512 Aug 5 00:31 pretorious
freenas# getfacl *
# file: epretorious
# owner: eric
# group: eric
user::rwx
group::r-x
group:pretorious:rwx
mask::rwx
other::r-x
# file: eric
# owner: eric
# group: eric
user::rwx
group::r-x
group:pretorious:rwx
mask::rwx
other::r-x
# file: pretorious
# owner: root
# group: wheel
user::rwx
group::r-x
group:pretorious:rwx
mask::rwx
other::r-x
Everything works as planned when I access the NAS locally (i.e., via SSH):
Code:
[epretorious@freenas /mnt/vol0]$ touch eric/foo
[epretorious@freenas /mnt/vol0]$ touch pretorious/foo
[epretorious@freenas /mnt/vol0]$ ls -al *
lrwxr-xr-x 1 root wheel 4 Aug 4 23:29 epretorious -> eric
eric:
total 10
drwxrwxr-x+ 3 eric eric 512 Aug 5 01:12 .
drwxr-xr-x 6 root wheel 512 Aug 4 23:34 ..
-rw-r--r-- 1 epretorious eric 0 Aug 5 01:12 foo
pretorious:
total 6
drwxrwxr-x+ 2 root wheel 512 Aug 5 01:12 .
drwxr-xr-x 6 root wheel 512 Aug 4 23:34 ..
-rw-r--r-- 1 epretorious wheel 0 Aug 5 01:12 foo
...but when I mount the NFS share from my laptop, the group ACLs are ignored:
Code:
[epretorious@localhost mnt]$ ls -al *
lrwxr-xr-x 1 root root 4 2011-08-04 23:29 epretorious -> eric/
eric:
total 10
drwxrwxr-x 3 10001 vboxusers 512 2011-08-05 01:12 ./
drwxr-xr-x 6 root root 512 2011-08-04 23:34 ../
-rw-r--r-- 1 epretorious vboxusers 0 2011-08-05 01:12 foo
pretorious:
total 6
drwxrwxr-x 2 root root 512 2011-08-05 01:12 ./
drwxr-xr-x 6 root root 512 2011-08-04 23:34 ../
-rw-r--r-- 1 epretorious root 0 2011-08-05 01:12 foo
[epretorious@localhost mnt]$ rm eric/foo
rm: remove regular empty file `eric/foo'? y
rm: cannot remove `eric/foo': Permission denied
[epretorious@localhost mnt]$ rm pretorious/foo
rm: remove regular empty file `pretorious/foo'? y
rm: cannot remove `pretorious/foo': Permission denied
If I convert the ACLs from group-level ACLs to user-level ACLs:
Code:
freenas# setfacl -x g:pretorious:rwx eric
freenas# setfacl -m u:epretorious:rwx eric
freenas# setfacl -x g:pretorious:rwx pretorious
freenas# setfacl -m u:epretorious:rwx pretorious
...the problem ACLs work correctly as planned:
Code:
[epretorious@localhost mnt]$ rm eric/foo
rm: remove regular empty file `eric/foo'? y
[epretorious@localhost mnt]$ rm pretorious/foo
rm: remove regular empty file `pretorious/foo'? y
[epretorious@localhost mnt]$ ls -al *
lrwxr-xr-x 1 root root 4 2011-08-04 23:29 epretorious -> eric/
eric:
total 10
drwxrwxr-x 3 10001 vboxusers 512 2011-08-05 01:28 ./
drwxr-xr-x 6 root root 512 2011-08-04 23:34 ../
pretorious:
total 6
drwxrwxr-x 2 root root 512 2011-08-05 01:28 ./
drwxr-xr-x 6 root root 512 2011-08-04 23:34 ../
Ideas?
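Added example, not part of the original post: a minimal POSIX.1e ACL access check run against the `eric` ACL shown above, to compare a group entry with a user entry when the credential's group list differs. It assumes the share is exported with AUTH_SYS, where the server evaluates the uid and group list sent by the client, and that the laptop's epretorious account is not a member of gid 10000; `CLIENT_GIDS` and all function names are hypothetical.

```python
# Added example: the POSIX.1e access check applied to an NFS credential.
# Ids and the ACL text are taken from the post's `id` and `getfacl` output.
UIDS = {"eric": 10001, "epretorious": 6021}
GIDS = {"eric": 10001, "pretorious": 10000}
SERVER_GIDS = {6021, 10000}  # epretorious as seen on the FreeNAS host
CLIENT_GIDS = {6021}         # assumed laptop group list (constructed)
WRITE = 2

GROUP_ACL = """# file: eric
# owner: eric
# group: eric
user::rwx
group::r-x
group:pretorious:rwx
mask::rwx
other::r-x"""
# The same ACL after the post's setfacl -x / setfacl -m conversion.
USER_ACL = GROUP_ACL.replace("group:pretorious:rwx", "user:epretorious:rwx")

def bits(text):
    return sum({"r": 4, "w": 2, "x": 1}.get(c, 0) for c in text)

def parse(acl_text):
    acl = {"user": {}, "group": {}, "mask": 7, "other": 0}
    for line in acl_text.splitlines():
        if line.startswith("# owner:"):
            acl["owner"] = UIDS[line.split(":", 1)[1].strip()]
        elif line.startswith("# group:"):
            acl["owning_gid"] = GIDS[line.split(":", 1)[1].strip()]
        elif line and not line.startswith("#"):
            tag, who, perm = line.split(":")
            if tag in ("mask", "other"):
                acl[tag] = bits(perm)
            else:  # key None marks the owner / owning-group entry
                ids = UIDS if tag == "user" else GIDS
                acl[tag][ids[who] if who else None] = bits(perm)
    return acl

def allowed(acl, uid, gids, want):
    if uid == acl["owner"]:              # owner entry, mask not applied
        return (acl["user"][None] & want) == want
    if uid in acl["user"]:               # named user entry, masked
        return (acl["user"][uid] & acl["mask"] & want) == want
    # Group class: every entry whose gid is in the caller's group list.
    hits = [p & acl["mask"] for g, p in acl["group"].items()
            if (acl["owning_gid"] if g is None else g) in gids]
    if hits:
        return any((p & want) == want for p in hits)
    return (acl["other"] & want) == want  # no uid or gid matched
```

With the group ACL, write access for uid 6021 is granted for `SERVER_GIDS` and denied for `CLIENT_GIDS`; with the user ACL it is granted for either group list, which matches the `rm` results in the post.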