Unsolved
10 Posts
0
551
NFS exports without Root-Squash: problems with oneFS ACL
Hello, I want to give an NFSv4 client full access over an export. So it is configured as a root client without root-squash and security set to system. This works just fine as can be expected until I try to access a directory which has an ACL of type deny set. An example:
# chmod +a user AD\\some-user deny dir_gen_all guenther/testdir
Now on the client as root:
# ls -la /mnt/guenther/testdir/
ls: cannot access '/mnt/guenther/testdir/.': Permission denied
ls: cannot access '/mnt/guenther/testdir/..': Permission denied
ls: cannot access '/mnt/guenther/testdir/test.txt': Permission denied
total 0
d????????? ? ? ? ? ? .
d????????? ? ? ? ? ? ..
?????????? ? ? ? ? ? test.txt
Is this an expected behaviour? Removing the ACL allows root to access the directory again.
kind regards
Günther
GSchwarz
10 Posts
0
May 9th, 2023 05:00
OK, thank you very much for the information. This looks very interesting. We are on 9.4.0.10 currently. I will install the patch as soon as possible and report here if the issue was fixed.
kind regards
Günther
Yan_Faubert
117 Posts
0
May 9th, 2023 05:00
This could be related to an issue that was fixed in OneFS 9.4.0.12 and above around root squash and deny ACL. If you are running 9.4.0.x where x is < 12, I would recommend you update your patch level and retry. The most recent patch level at this time for 9.4.0.x is 9.4.0.13.
From the readme file of the most recent 9.4.0.x patch you can see issue PSCALE-163251.
https://www.dell.com/support/kbdoc/en-us/000201074?lang=en
GSchwarz
10 Posts
0
May 22nd, 2023 02:00
The patch resolved my issue: running 9.4.0.13 now the above test for root access to a directory with ACL of type deny now works as expected. Thank you very much again for the most helpful suggestion.
# ls -la /mnt/guenther/testdir/
total 112
drwxrws--- 2 4294967294 4294967294 26 Mai 22 11:48 .
drwxrws--- 3 4294967294 4294967294 120 Mai 9 15:54 ..
-rwxrwx--- 1 4294967294 4294967294 0 Mai 9 13:36 test.txt
Günther