Filesystem ACL's

Status
Not open for further replies.

epretorious (Dabbler, joined Jul 28, 2011, 10 messages)
Hi:

I use two different computers with a different username & userid on each (epretorious=6021 on one computer and eric=10001 on the other) and I'm trying to share a single directory between the two different user accounts on the two different Linux hosts using NFS: so I...
  1. created two different FreeNAS user accounts (eric & epretorious) with the userid's from each of the two computers (10001 & 6021),
  2. added both accounts to my family group (pretorious),
  3. set up one NFS share on my volume (/mnt/vol0) with two directories (eric & pretorious),
  4. created a link from one to the other (epretorious -> eric), and
  5. set up ACL's to allow the group pretorious to rwx both directories (eric & pretorious).
Code:
[epretorious@freenas /mnt/vol0]$ id eric
uid=10001(eric) gid=10001(eric) groups=10001(eric),10000(pretorious)
[epretorious@freenas /mnt/vol0]$ id epretorious
uid=6021(epretorious) gid=6021(epretorious) groups=6021(epretorious),10000(pretorious)

freenas# cd /mnt/vol0/

freenas# ls -al
total 18
drwxr-xr-x  6 root     wheel     512 Aug  4 23:34 .
drwxr-xr-x  4 root     1000      512 Aug  4 23:11 ..
drwxrwxr-x  2 root     operator  512 Aug  4 23:11 .snap
lrwxr-xr-x  1 root     wheel       4 Aug  4 23:29 epretorious -> eric
drwxrwxr-x+ 3 eric     eric      512 Aug  5 00:22 eric
drwxrwxr-x+ 2 root     wheel     512 Aug  5 00:31 pretorious

freenas# getfacl *
# file: epretorious
# owner: eric
# group: eric
user::rwx
group::r-x
group:pretorious:rwx
mask::rwx
other::r-x

# file: eric
# owner: eric
# group: eric
user::rwx
group::r-x
group:pretorious:rwx
mask::rwx
other::r-x

# file: pretorious
# owner: root
# group: wheel
user::rwx
group::r-x
group:pretorious:rwx
mask::rwx
other::r-x

Everything works as planned when I access the NAS locally (i.e., via SSH):
Code:
[epretorious@freenas /mnt/vol0]$ touch eric/foo

[epretorious@freenas /mnt/vol0]$ touch pretorious/foo

[epretorious@freenas /mnt/vol0]$ ls -al *
lrwxr-xr-x  1 root  wheel  4 Aug  4 23:29 epretorious -> eric

eric:
total 10
drwxrwxr-x+ 3 eric         eric   512 Aug  5 01:12 .
drwxr-xr-x  6 root         wheel  512 Aug  4 23:34 ..
-rw-r--r--  1 epretorious  eric     0 Aug  5 01:12 foo

pretorious:
total 6
drwxrwxr-x+ 2 root         wheel  512 Aug  5 01:12 .
drwxr-xr-x  6 root         wheel  512 Aug  4 23:34 ..
-rw-r--r--  1 epretorious  wheel    0 Aug  5 01:12 foo

...but when I mount the NFS share from my laptop, the group ACL's are ignored:
Code:
[epretorious@localhost mnt]$ ls -al *
lrwxr-xr-x 1 root  root        4 2011-08-04 23:29 epretorious -> eric/

eric:
total 10
drwxrwxr-x 3       10001 vboxusers 512 2011-08-05 01:12 ./
drwxr-xr-x 6 root        root      512 2011-08-04 23:34 ../
-rw-r--r-- 1 epretorious vboxusers   0 2011-08-05 01:12 foo

pretorious:
total 6
drwxrwxr-x 2 root        root 512 2011-08-05 01:12 ./
drwxr-xr-x 6 root        root 512 2011-08-04 23:34 ../
-rw-r--r-- 1 epretorious root   0 2011-08-05 01:12 foo

[epretorious@localhost mnt]$ rm eric/foo
rm: remove regular empty file `eric/foo'? y
rm: cannot remove `eric/foo': Permission denied

[epretorious@localhost mnt]$ rm pretorious/foo 
rm: remove regular empty file `pretorious/foo'? y
rm: cannot remove `pretorious/foo': Permission denied

If I convert the ACL's from group-level ACL's to user-level ACL's:
Code:
freenas# setfacl -x g:pretorious:rwx eric
freenas# setfacl -m u:epretorious:rwx eric
freenas# setfacl -x g:pretorious:rwx pretorious
freenas# setfacl -m u:epretorious:rwx pretorious

...the problem ACL's work correctly as planned:
Code:
[epretorious@localhost mnt]$ rm eric/foo
rm: remove regular empty file `eric/foo'? y

[epretorious@localhost mnt]$ rm pretorious/foo 
rm: remove regular empty file `pretorious/foo'? y

[epretorious@localhost mnt]$ ls -al *
lrwxr-xr-x 1 root  root        4 2011-08-04 23:29 epretorious -> eric/

eric:
total 10
drwxrwxr-x 3       10001 vboxusers 512 2011-08-05 01:28 ./
drwxr-xr-x 6 root        root      512 2011-08-04 23:34 ../

pretorious:
total 6
drwxrwxr-x 2 root root 512 2011-08-05 01:28 ./
drwxr-xr-x 6 root root 512 2011-08-04 23:34 ../

Ideas?
 

ProtoSD (MVP, joined Jul 1, 2011, 3,348 messages)
I'm not sure why you created the links in step #4, but have you also created the same group and added those users on your laptop? Make sure the GID is the same on your laptop as FreeNAS?
 

epretorious (Dabbler, joined Jul 28, 2011, 10 messages)
I'm not sure why you created the links in step #4
I'm also trying to share home directories between different user accounts (eric & epretorious) on different computers using SAMBA (but that's a project for another day).

...but have you also created the same group and added those users on your laptop? Make sure the GID is the same on your laptop as FreeNAS?
Apparently I hadn't taken care to align the GID that I applied on the server with the GID associated with the account, i.e., even though I'm not a member of the xguest group on my laptop, I am able to rwx the exported directories once I applied the correct GID to the server's ACL's:

On the NFS client...
Code:
[epretorious@localhost nfs]$ id
uid=6021(epretorious) gid=6021(epretorious) groups=10(wheel),6021(epretorious),10001(vboxusers)

[epretorious@localhost nfs]$ mount
...
192.168.0.2:/mnt/vol0 on /mnt/nfs type nfs (rw,addr=192.168.0.2)
...

[epretorious@localhost nfs]$ cd /mnt/nfs

[epretorious@localhost nfs]$ ls -al
total 20
drwxr-xr-x 6 root  root    512 2011-08-04 23:34 ./
drwxr-xr-x 3 root  root   4096 2011-08-07 22:36 ../
lrwxr-xr-x 1 root  root      4 2011-08-04 23:29 epretorious -> eric/
drwxrwxr-x 3 10001 xguest  512 2011-08-08 00:12 eric/
drwxrwxr-x 2 root  xguest  512 2011-08-07 23:15 pretorious/

[epretorious@localhost nfs]$ touch eric/foo
[epretorious@localhost nfs]$ touch pretorious/foo
[epretorious@localhost nfs]$ rm eric/foo
rm: remove regular empty file `eric/foo'? y
[epretorious@localhost nfs]$ rm pretorious/foo 
rm: remove regular empty file `pretorious/foo'? y

On the NFS server...
Code:
freenas# cd /mnt/vol0/

freenas# getfacl *
# file: epretorious
# owner: eric
# group: pretorious
user::rwx
group::r-x
group:6021:rwx
mask::rwx
other::r-x

# file: eric
# owner: eric
# group: pretorious
user::rwx
group::r-x
group:6021:rwx
mask::rwx
other::r-x

# file: pretorious
# owner: root
# group: pretorious
user::rwx
group::r-x
group:6021:rwx
mask::rwx
other::r-x
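To see why the group ACL was honoured over SSH but ignored over NFS, here is an added example (not code from the thread or from FreeNAS): a small POSIX.1e ACL evaluator fed with the thread's own getfacl stanzas and id output. An NFSv3 server with AUTH_SYS checks the ACL against the numeric uid and gid list the client presents, so a group the user belongs to only on the server (pretorious, GID 10000) never reaches the check, while a GID the laptop actually sends (6021) does. SERVER_IDS and the two credential tuples are assumptions transcribed from the id output posted above.

```python
# Added example (not from the thread): evaluate a POSIX.1e ACL the way an
# NFSv3/AUTH_SYS server does, against the numeric uid/gid list the client sends.
SERVER_IDS = {"root": 0, "wheel": 0, "eric": 10001, "epretorious": 6021, "pretorious": 10000}

def _to_id(name):  # getfacl prints names it can resolve, raw numbers otherwise
    return int(name) if name.isdigit() else SERVER_IDS[name]

def parse_acl(stanza):
    """Parse one getfacl stanza (as pasted in the thread) for acl_allows()."""
    acl = {"users": {}, "groups": {}, "mask": frozenset("rwx")}
    for line in stanza.strip().splitlines():
        if line.startswith("# owner:"):
            acl["owner_uid"] = _to_id(line.split(":")[1].strip())
        elif line.startswith("# group:"):
            acl["owner_gid"] = _to_id(line.split(":")[1].strip())
        elif not line.startswith("#"):
            tag, qual, perms = line.split(":")
            bits = frozenset(perms.replace("-", ""))
            if qual:                       # named user:NAME / group:NAME entry
                acl[tag + "s"][_to_id(qual)] = bits
            else:                          # user::, group::, mask::, other::
                acl[tag] = bits
    return acl

def acl_allows(acl, want, uid, gids):
    """Owner, then named user, then every matching group entry (each cut down
    by the mask); a matching group that lacks the bit denies, no fall-through."""
    want, mask = set(want), acl["mask"]
    if uid == acl["owner_uid"]:
        return want <= acl["user"]
    if uid in acl["users"]:
        return want <= (acl["users"][uid] & mask)
    matches = [acl["group"] if g == acl["owner_gid"] else acl["groups"][g]
               for g in gids if g == acl["owner_gid"] or g in acl["groups"]]
    if matches:
        return any(want <= (e & mask) for e in matches)
    return want <= acl["other"]

# The 'pretorious' directory as the thread shows it before and after the fix.
BEFORE = "\n".join(["# file: pretorious", "# owner: root", "# group: wheel", "user::rwx",
                    "group::r-x", "group:pretorious:rwx", "mask::rwx", "other::r-x"])
AFTER = BEFORE.replace("# group: wheel", "# group: pretorious").replace("pretorious:rwx", "6021:rwx")
LAPTOP = (6021, [10, 6021, 10001])   # 'id' on the laptop: the gids AUTH_SYS sends
SERVER = (6021, [6021, 10000])       # 'id epretorious' on freenas (local SSH login)

def can_delete_in(stanza, cred):
    """rm needs write and search on the directory; cred is (uid, gids)."""
    return acl_allows(parse_acl(stanza), "wx", *cred)
```

Run with the thread's data, the before-fix ACL denies the laptop but allows the local login, and the after-fix ACL allows both, matching the rm results posted above.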