NFSv4: setfacl does not work

M

Morfio

Hello,

I'm trying to run NFSv4 on a FreeBSD 8.1 machine:

Code: 
FreeBSD freebsdthorsten.rommerskirchen.roki 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #1: Fri Jun 25 10:15:46 CEST 2010     
[email]root@freebsdthorsten.rommerskirchen.roki[/email]:/usr/obj/usr/src/sys/GENERIC  amd64

My "/etc/rc.conf" looks like this:

Code: 
 22 mountd_enable="YES"
 23 nfs_client_enable="YES"
 24 nfs_server_enable="YES"
 25 nfsv4_server_enable="YES"
 26 nfsuserd_enable="YES"
 27 nfscbd_enable="YES"

The "/etc/exports" like this:

Code: 
/server -maproot=root
V4: /

Server and client are the same machine. I do the mount via:

Code: 
mount_newnfs 192.168.0.208:/server /mnt/server/

"mount" shows the following:

Code: 
/dev/ad0s1a on / (ufs, NFS exported, local, acls)
devfs on /dev (devfs, local, multilabel)
192.168.0.208:/server on /mnt/server (newnfs)

If I try to setfacl a file, this error occures:

Code: 
[root@freebsdthorsten /mnt/server]# setfacl -m u:thorsten:rwx bla
setfacl: bla: acl_get_file() failed: Operation not supported

"getfacl" says:

Code: 
[root@freebsdthorsten /mnt/server]# getfacl bla 
# file: bla
# owner: root
# group: wheel
user::rw-
group::r--
other::r--

This is the process list:

Code: 
  739  ??  Is     0:00.00 nfscbd: master (nfscbd)
  741  ??  S      0:00.03 nfscbd: server (nfscbd)
  459  ??  Ss     0:00.01 /usr/sbin/rpcbind
  526  ??  Is     0:00.00 nfsuserd: master (nfsuserd)
  528  ??  S      0:00.00 nfsuserd: slave (nfsuserd)
  529  ??  S      0:00.00 nfsuserd: slave (nfsuserd)
  530  ??  S      0:00.00 nfsuserd: slave (nfsuserd)
  531  ??  S      0:00.00 nfsuserd: slave (nfsuserd)
  545  ??  Is     0:00.00 /usr/sbin/mountd -e -r
  552  ??  Is     0:00.02 nfsd: master (nfsd)
  555  ??  S      0:00.04 nfsd: server (nfsd)

How is it possible to use ACLs with NFSv4 under FreeBSD?

Thank you, Morfio
 
Looks like you're trying to set a POSIX.1e ACL instead of an NFSv4 ACL.

Try: # setfacl -m u:thorsten:rwxp::allow bla

See setfacl(1).
 
SirDice said:
Looks like you're trying to set a POSIX.1e ACL instead of an NFSv4 ACL.

Try: # setfacl -m u:thorsten:rwxp::allow bla

See setfacl(1).
Click to expand...

The result is the same:

Code: 
[root@freebsdthorsten /mnt/server]# setfacl -m u:thorsten:rwxp::allow bla
setfacl: bla: acl_get_file() failed: Operation not supported
 
Hmm.. Are you sure it's mounted with NFSv4?
Try mounting it with mount -t nfsv4 instead of mount_newnfs.
Mount_newnfs is actually hardlinked to mount_nfs.

You may also want to add the option nfsv4acls.
 
SirDice said:
Hmm.. Are you sure it's mounted with NFSv4?
Try mounting it with mount -t nfsv4 instead of mount_newnfs.
Mount_newnfs is actually hardlinked to mount_nfs.

You may also want to add the option nfsv4acls.
Click to expand...

Ok, I tried the following now:

Code: 
mount -t nfsv4 -o nfsv4acls 192.168.0.208:/server /mnt/server

The result is:
Code: 
mount: 192.168.0.208:/server : Operation not supported by device

If I try to mount it this way:

[cmd=]mount -t nfsv4 -o nfsv4acls 192.168.0.208:/server /mnt/server[/cmd]

the device is mounted (192.168.0.208:/server on /mnt/server (newnfs)), but the setfacl command does not work, too: setfacl: g: acl_get_file() failed: Operation not supported.
 
If i try it this way:

Code: 
mount -t newnfs -o nfsv4acls 192.168.0.208:/server /mnt/server/

the result is:
Code: 
mount_newnfs: /mnt/server, mount option <nfsv4acls> is unknown: Invalid argument
 
Morfio said:
Ok, I tried the following now:



The result is: "mount: 192.168.0.208:/server : Operation not supported by device".

If I try to mount it this way:



the device is mounted (192.168.0.208:/server on /mnt/server (newnfs)), but the setfacl command does not work, too: setfacl: g: acl_get_file() failed: Operation not supported.
Click to expand...

Ups, I'm sorry, the second command should be:

[cmd=]mount_newnfs -o acls 192.168.0.208:/server /mnt/server/[/cmd]
 
I now tried to compile NFSv4 into the kernel:

Code: 
#options        NFSCLIENT               # Network Filesystem Client
#options        NFSSERVER               # Network Filesystem Server
options         NFSD
options         NFSCL
options         NFSLOCKD                # Network Lock Manager
options         NFS_ROOT                # NFS usable as /, requires NFSCLIENT

and I get the following errors:

Code: 
rm -f hack.c
MAKE=make sh /usr/src/sys/conf/newvers.sh GENERIC
cc -c -O2 -frename-registers -pipe -fno-strict-aliasing  -std=c99 -g -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes  -Wmissing-
prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc  -I. -I/usr/src/sys -
I/usr/src/sys/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-
growth=100 --param large-function-growth=1000  -fno-omit-frame-pointer -mcmodel=kernel -mno-red-zone  -mfpmath=387 -mno-sse -mno-sse2 -mno-sse3 
-mno-mmx -mno-3dnow  -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -Werror  vers.c
linking kernel.debug
nfs_clvfsops.o(.text+0xefc): In function `ncl_mountroot':
/usr/src/sys/fs/nfsclient/nfs_clvfsops.c:384: undefined reference to `nfs_setup_diskless'
nlm_prot_impl.o(.text+0x12d1): In function `nlm_client_recovery_start':
/usr/src/sys/nlm/nlm_prot_impl.c:684: undefined reference to `nlm_client_recovery'
nlm_prot_impl.o(.text+0x4096): In function `nlm_syscall':
/usr/src/sys/nlm/nlm_prot_impl.c:1577: undefined reference to `nfs_advlock_p'
nlm_prot_impl.o(.text+0x409d):/usr/src/sys/nlm/nlm_prot_impl.c:1579: undefined reference to `nfs_reclaim_p'
nlm_prot_impl.o(.text+0x40b1):/usr/src/sys/nlm/nlm_prot_impl.c:1578: undefined reference to `nfs_advlock_p'
nlm_prot_impl.o(.text+0x40b5):/usr/src/sys/nlm/nlm_prot_impl.c:1578: undefined reference to `nlm_advlock'
nlm_prot_impl.o(.text+0x40bc):/usr/src/sys/nlm/nlm_prot_impl.c:1580: undefined reference to `nfs_reclaim_p'
nlm_prot_impl.o(.text+0x40c0):/usr/src/sys/nlm/nlm_prot_impl.c:1580: undefined reference to `nlm_reclaim'
nlm_prot_impl.o(.text+0x40d2):/usr/src/sys/nlm/nlm_prot_impl.c:1585: undefined reference to `nfs_advlock_p'
nlm_prot_impl.o(.text+0x40d9):/usr/src/sys/nlm/nlm_prot_impl.c:1586: undefined reference to `nfs_reclaim_p'
*** Error code 1

Stop in /usr/obj/usr/src/sys/GENERIC.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
 
Remove the NFS_ROOT. You don't really need it. You'll only need it if you PXE boot a diskless machine.
 
(Ups, I'm sorry, I read the private message (infraction) now, I will do it better next time. Sorry!)
 
Ok, I try to give you the way I'm configuring my system. Maybe you can reproduce the behavior. Maybe I'm doing some things wrong.

# mkdir /tmp/from
# mkdir /tmp/to
# dd if=/dev/zero of=/tmp/testfile bs=1m count=1024
# mdconfig -a -t vnode -f /tmp/testfile -u 0
# newfs -O2 -U /dev/md0
# mount -o nfsv4acls /dev/ /tmp/from
# mount

Code: 
/dev/md0 on /tmp/from (ufs, local, soft-updates, nfsv4acls)

/etc/rc.conf looks like this (server and client are on the same machine):

Code: 
mountd_enable="YES"
nfs_client_enable="YES"
nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"
nfscbd_enable="YES"

/etc/exports has the following content:

Code: 
/tmp/from -maproot=root
V4: / -sec=sys

After this I restart all nfs stuff and mountd:

# /etc/rc.d/nfsd restart
# /etc/rc.d/nfsserver restart
# /etc/rc.d/nfsuserd restart
# /etc/rc.d/nfsclient restart
# /etc/rc.d/nfscbd restart
# /etc/rc.d/mountd restart

Now I mount the nfs device:

# mount_nfs -o nfsv4 $server:/tmp/from /tmp/to
or
# mount_newnfs $server:/tmp/from /tmp/to
or
# mount_newnfs -o acls $server:/tmp/from /tmp/to

# mount shows this:

Code: 
/dev/md0 on /tmp/from (ufs, NFS exported, local, soft-updates, nfsv4acls)
$server:/tmp/from on /tmp/to (newnfs)

I created a simple file with:

# touch /tmp/from/test

The following command works great:

# setfacl -m u:thorsten:rwxp::allow /tmp/from/test
# getfacl /tmp/from/test
Code: 
# file: /tmp/from/test
# owner: root
# group: wheel
     user:thorsten:rwxp----------:------:allow
            owner@:--x-----------:------:deny
            owner@:rw-p---A-W-Co-:------:allow
            group@:-wxp----------:------:deny
            group@:r-------------:------:allow
         everyone@:-wxp---A-W-Co-:------:deny
         everyone@:r-----a-R-c--s:------:allow

On the nfs mount it does not work:

# setfacl -m u:thorsten:rwxp::allow /tmp/to/test
Code: 
setfacl: /tmp/to/test: acl_get_file() failed: Operation not supported
# getfacl /tmp/to/test
Code: 
# file: /tmp/to/test
# owner: root
# group: wheel
user::rw-
group::r--
other::r--

What's wrong with my doing?

Thank you, Morfio

(Sorry about my bad english ...)
 
Oh, I'm sorry, in my example is a error:

instead of
# mount -o nfsv4acls /dev/ /tmp/from
you've got to use this
# mount -o nfsv4acls /dev/md0 /tmp/from
 
Hi Morfio

I can't help you with this one but I would be interested to know if you have any good sources of documentation for NFSv4 on FreeBSD as I'm about to try setting it up myself. I haven't found much yet....

Thanks

sim
 
Morfio said:
Hello,

I'm trying to run NFSv4 on a FreeBSD 8.1 machine:

Code: 
FreeBSD freebsdthorsten.rommerskirchen.roki 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #1: Fri Jun 25 10:15:46 CEST 2010     
[email]root@freebsdthorsten.rommerskirchen.roki[/email]:/usr/obj/usr/src/sys/GENERIC  amd64

How is it possible to use ACLs with NFSv4 under FreeBSD?
Click to expand...
This is just a guess, but depending on when your 8.1-PRERELEASE sources were fetched, you are probably missing one or more changes to the NFS code. You could try updating your sources and building a new kernel. For testing, I'd suggest using the 8_STABLE target as there have been changes in this area since 8.1 was released. Keep your old kernel around so you can switch back if it doesn't help (unless you want to track 8_STABLE).

If that doesn't do it, I'd ask on the freebsd-stable@ mailing list - Rick Macklem is a frequent poster there, and I'm sure he'll have an answer.
 
Morfio said:
I removed this entry, but I get the same errors.
Click to expand...

I don't know if you ever solved your ACL problems, but to compile the kernel with NFSCL, you may also need NFSCLIENT:

Code: 
options    NFSCLIENT
options    NFSCL

...or so it seems because I can't get my kernel to compile without both lines. Note that the instructions in nfsv4(4) say to use NFSD instead of NFSSERVER, but only says to specify NFSCL. Is this right? BTW, I also removed NFS_ROOT as SireDice suggested.
 
Hi,

I tried FreeBSD 9 CURRENT now. With and without the kernel options for nfsv4, with and without nfsv4_server_enable. The result are the same like in FreeBSD 8 and 8.1. It does not work.

Morfio
 
You must log in or register to reply here.
Back
Top