
I'm just starting off with NFSv4 and had a few questions. So normally when creating an NFS share on a NAS filer and mounting on a client I would run a chmod & chgrp to set things up the way I want.

Now, I have done that already on existing exports.

When I move to NFSv4, what happens to those changes that were made on the exports?

Do the ACLs that get applied for NFSv4 supersede those changes?

Moving forward with new NFSv4 exports, do I even need to run chmod and chgrp anymore or strictly run the normal "nfs4_setfacl" commands?

When I set up NFSv4, are the chmod & chgrp settings basically deprecated and no longer apply?

Keep in mind I said I have a NAS filer and not an NFS server that is on a Linux machine.

Thanks in advance for the help.

1 Answer


Indeed, NFSv4 ACLs and Unix permissions on a single server are confusing. However, in the end both apply to the same file system. The NFS server itself is stateless (kind of). The answers:

  • after you switch from v3 to v3, all existing files' group and user ownership will stay as is.
  • if files already have ACLs (POSIX or whatever the underlying file system supports), then you will see them and can manipulate them with the nfs4_setfacl/nfs4_getfacl commands (for example, ZFS internally uses NFSv4 ACLs). While exported by v3, the ACLs were applied as well, but were 'invisible'.
  • you can still use regular chmod. Just be aware that changing the ACL will affect the file mode and changing the mode will affect the ACLs. AFAIK, an NFSv4 server may use a mapping based on https://datatracker.ietf.org/doc/html/draft-falkner-nfsv4-acls-00. Keep in mind that for proper functionality user names must be synchronized on the clients and the server (you probably need LDAP if ACLs are required)
  • all of the above applies to any NFSv4 box. But of course some vendors might have special behavior, so always check vendor-specific docs.
kofemann
  • Unfortunately I don't have LDAP, IDMU, NIS or otherwise. I do have an application called AD Bridge which allows us to internally via AD map Windows users to Linux users. Our Linux VMs are on the domain and therefore people can log into the VMs with a domain account, NOT a local Linux account. So in a roundabout way the Linux nodes can find a user name that ties back to a Windows account by way of our AD Bridge application. – user16411104 Nov 05 '21 at 20:37
  • AD is an LDAP server; however, I am not a Windows guy. – kofemann Nov 05 '21 at 20:46
  • It's more so confusing because at first glance the NFSv4 ACLs almost look more like share-level permissions rather than file. But yet, you can still add file-level permissions using nfs4_setfacl. So it's just confusing still as to what trumps who or what when it comes to chmod versus nfs4_setfacl. – user16411104 Nov 05 '21 at 20:56
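
The relationship between mode bits and ACLs that the answer describes, as an added example that is not part of the original thread: it parses ACEs in the text format `nfs4_getfacl` prints and derives the rwx mode from them using the method in RFC 5661 section 6.3.2. That method is an assumption here and a given filer's mapping may differ; the two ACLs and the principal `alice@example.com` are constructed samples.

```python
# Added example: the rwx mode as a lossy summary of an NFSv4 ACL.
# Assumption: mode is derived as in RFC 5661 section 6.3.2; vendors may differ.
SPECIAL = ("OWNER@", "GROUP@", "EVERYONE@")

# Constructed sample: a named-user DENY on top of a plain 644-style ACL.
SAMPLE_NAMED_DENY = """
D::alice@example.com:rwax
A::OWNER@:rwatTnNcCy
A:g:GROUP@:rtncy
A::EVERYONE@:rtncy
"""
# Constructed sample: GROUP@ is denied write before a broad ALLOW.
SAMPLE_GROUP_DENY = """
A::OWNER@:rwaxtTnNcCy
D:g:GROUP@:wa
A:g:GROUP@:rwaxtncy
A::EVERYONE@:rxtncy
"""

def parse_acl(text):
    """Parse 'type:flags:principal:perms' lines into tuples."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ace_type, flags, rest = line.split(":", 2)
        principal, perms = rest.rsplit(":", 1)
        aces.append((ace_type, flags, principal, set(perms)))
    return aces

def effective_mask(aces, who):
    """Walk ACEs in order; the first ALLOW or DENY naming a bit decides it."""
    allowed, decided = set(), set()
    for ace_type, flags, principal, perms in aces:
        if ace_type not in ("A", "D") or "i" in flags:
            continue  # audit/alarm and inherit-only ACEs grant nothing here
        if principal not in (who, "EVERYONE@"):
            continue  # named users and groups never show up in the mode
        fresh = perms - decided
        if ace_type == "A":
            allowed |= fresh
        decided |= fresh
    return allowed

def mode_from_acl(aces):
    mode = 0
    for shift, who in zip((6, 3, 0), SPECIAL):
        m = effective_mask(aces, who)
        bits = (4 if "r" in m else 0) | (2 if {"w", "a"} <= m else 0) | (1 if "x" in m else 0)
        mode |= bits << shift
    return mode

if __name__ == "__main__":
    for acl in (SAMPLE_NAMED_DENY, SAMPLE_GROUP_DENY):
        print(oct(mode_from_acl(parse_acl(acl))))
```

The first sample reports the same mode with or without the DENY for the named user, which is why reviewing the mode alone does not show who is actually permitted or blocked.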