I want to share a folder over NFSv4, available to some users, and I'm having permission issues.
I set up the folder permissions with setGID so new files are created with the folder's group owner. But users are free to create files without permissions for the group (in fact, the users' default UMASK is 700, so this happens all the time).
I ended up trying to apply this solution using ACLs to enforce the directory umask. I did, but it didn't work as expected. I read on the NFS wiki that regular ACLs won't work over NFSv4, and that I need to use nfs4-specific ACL tools.
But I'm having some trouble. I tried installing nfs4-acl-tools on the server and I get this:
# nfs4_getfacl /export/proyectos/
Operation to request attribute not supported.
Yes, the partition is mounted with ACL support.
/dev/mapper/mpath4-part1 /export/proyectos ocfs2 rw,relatime,_netdev,heartbeat=local,nointr,data=ordered,errors=remount-ro,usrquota,coherency=full,user_xattr,acl 0 0
And regular ACLs are working:
# getfacl /export/proyectos/
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: export/proyectos/
# owner: root
# group: root
# flags: --t
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx
I straced the nfs4_getfacl as suggested on the mailing list and got this:
# strace nfs4_getfacl /export/proyectos
<stripped>
getxattr("/export/proyectos", "system.nfs4_acl", 0x0, 0) = -1 EOPNOTSUPP (Operation not supported)
<stripped>
Is nfs4_getfacl asking for the right flag? I thought that nfs4_acls were not implemented at all by any filesystem, and that currently nfs4 was relying on some kind of nfs4acl-posixacl mapping. But I'm not sure anymore.
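
A diagnostic for the situation in the strace above, as an added example that is not part of the original post: it probes a path for the `system.nfs4_acl` xattr that nfs4_getfacl requests and for the POSIX ACL xattr `system.posix_acl_access`, and looks up the filesystem type in `/proc/mounts`-format text. The function names and verdict strings are assumptions made for this sketch.

```python
import errno
import os

NFS4_ACL = "system.nfs4_acl"            # xattr nfs4_getfacl asked for in the strace
POSIX_ACL = "system.posix_acl_access"   # xattr behind getfacl/setfacl

def classify(err):
    """Map a getxattr errno (None means success) to a support verdict."""
    if err is None:
        return "present"
    if err == errno.ENODATA:
        return "supported-but-unset"    # interface exists, no ACL stored
    if err in (errno.EOPNOTSUPP, errno.ENOTSUP):
        return "unsupported"            # the result shown in the strace
    return "error:" + errno.errorcode.get(err, str(err))

def probe(path, name):
    """Issue the same getxattr call the ACL tools make (Linux only)."""
    try:
        os.getxattr(path, name)
        return classify(None)
    except OSError as exc:
        return classify(exc.errno)

def fstype_of(path, mounts_text):
    """Filesystem type of the longest mount point that contains path."""
    path = os.path.normpath(path)
    best_mnt, best_type = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) > len(best_mnt):
            best_mnt, best_type = mnt, fstype
    return best_type

def report(path, mounts_text):
    """Summarise which ACL xattr interfaces the path exposes."""
    return {"fstype": fstype_of(path, mounts_text),
            NFS4_ACL: probe(path, NFS4_ACL),
            POSIX_ACL: probe(path, POSIX_ACL)}

if __name__ == "__main__":
    import sys
    with open("/proc/mounts") as fh:
        print(report(sys.argv[1] if len(sys.argv) > 1 else ".", fh.read()))
```

Running it against the exported directory on the server and against the same directory on an NFSv4 client mount shows which ACL interface each side exposes.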