Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

get/setfacl on SCALE with NFSv4 ACLs

c77dk

Senior Member
Joined
Nov 27, 2019
Messages
302
Hi,

Trying to test SCALE with NFSv4 ACLs, but have run into a small issue, which my search skills haven't found the solution for.

In CORE I can uset getfacl / setfacl in the cli to check/set acls if the webui cant/wont. In SCALE I see the same commands but when I run getfacl on a dataset with nfsv4 ACLs the acls isn't shown, which makes it "a little" hard to verify if the webui is telling the truth about ACLs or not.

My guess is I need some other command for the nfs permissions, but I have no luck in finding it yet. Can anyone point me in the right direction? Without ability to verify it's hard to make useful jira tickets.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
7,841
Hi,

Trying to test SCALE with NFSv4 ACLs, but have run into a small issue, which my search skills haven't found the solution for.

In CORE I can uset getfacl / setfacl in the cli to check/set acls if the webui cant/wont. In SCALE I see the same commands but when I run getfacl on a dataset with nfsv4 ACLs the acls isn't shown, which makes it "a little" hard to verify if the webui is telling the truth about ACLs or not.

My guess is I need some other command for the nfs permissions, but I have no luck in finding it yet. Can anyone point me in the right direction? Without ability to verify it's hard to make useful jira tickets.
nfs4xdr_getfacl, nfs4xdr_setfacl. If you're wanting to edit the acl you can open it in VI-like editor via `nfs4xdr_setfacl -e <path>`. That said, the correct way to interact with ACLs on SCALE is through the API. Once you have set the ACL how you want it, you can push recursively via `nfs4xdr_winacl -a clone -rv -p <path>`
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
7,841
The tools also support JSON input / output.
Code:
tn23# nfs4xdr_getfacl -j /mnt/dozer/NFS4 
{"acl": [{"tag": "owner@", "id": -1, "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}, "type": "ALLOW"}, {"tag": "group@", "id": -1, "perms": {"BASIC": "MODIFY"}, "flags": {"BASIC": "INHERIT"}, "type": "ALLOW"}, {"tag": "GROUP", "who": "builtin_users", "id": 545, "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}, "type": "ALLOW"}, {"tag": "owner@", "id": -1, "perms": {"BASIC": "MODIFY"}, "flags": {"BASIC": "INHERIT"}, "type": "ALLOW"}], "nfs41_flags": {"AUTOINHERIT": false, "PROTECTED": false, "DEFAULTED": false}, "trivial": false, "uid": 1000, "gid": 1000, "path": "/mnt/dozer/NFS4"}
 

c77dk

Senior Member
Joined
Nov 27, 2019
Messages
302
nfs4xdr_getfacl, nfs4xdr_setfacl. If you're wanting to edit the acl you can open it in VI-like editor via `nfs4xdr_setfacl -e <path>`. That said, the correct way to interact with ACLs on SCALE is through the API. Once you have set the ACL how you want it, you can push recursively via `nfs4xdr_winacl -a clone -rv -p <path>`
thx, it works perfectly - time to have some fun testing :smile:
 
Top