NFS : NFS 4 ACL Tool
2019/05/10

You can set ACLs on an NFSv4 filesystem by installing the NFS 4 ACL tool.

[1] Install the NFS 4 ACL tool on each NFS client that mounts the NFS share with NFSv4.
[root@node01 ~]# dnf -y install nfs4-acl-tools

[2] This example is based on the following environment.
[root@node01 ~]# df -hT /mnt
Filesystem          Type  Size  Used Avail Use% Mounted on
dlp.srv.world:/home nfs4   15G  1.8G   14G  12% /mnt

[root@node01 ~]# ll /mnt
total 4
drwx------. 2 fedora fedora 62 May  3 00:11 fedora
drwxr-xr-x. 2 root   root    6 May 10 11:05 testdir
-rw-r--r--. 1 root   root    5 May 10 11:05 test.txt

[3] Show the ACL of a file or directory on the NFSv4 filesystem.
[root@node01 ~]# nfs4_getfacl /mnt/test.txt
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

[root@node01 ~]# nfs4_getfacl /mnt/testdir
# file: /mnt/testdir
A::OWNER@:rwaDxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

# each entry has the following format
# ACE = Access Control Entry
# (ACE Type):(ACE Flags):(ACE Principal):(ACE Permissions)

[4] Add or delete an ACE.
[root@node01 ~]# ll /mnt
total 4
drwx------. 2 root root 26 May 20 19:12 testdir
-rwx------. 1 root root 10 May 20 19:11 test.txt

[root@node01 ~]# nfs4_getfacl /mnt/test.txt
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

# add generic read/execute for [fedora] user to [/mnt/test.txt] file
[root@node01 ~]# nfs4_setfacl -a A::fedora@srv.world:rxtncy /mnt/test.txt
[root@node01 ~]# nfs4_getfacl /mnt/test.txt
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::1000:rxtcy
A::GROUP@:tcy
A::EVERYONE@:tcy

# verify with [fedora] user
[fedora@node01 ~]$ ll /mnt
total 4
drwx------. 2 root root 26 May 21 10:12 testdir
-rwxr-x---. 1 root root 10 May 21 10:11 test.txt

[fedora@node01 ~]$ cat /mnt/test.txt
test file

# delete generic read/execute for [fedora] user from [/mnt/test.txt] file
[root@node01 ~]# nfs4_setfacl -x A::1000:rxtcy /mnt/test.txt
[root@node01 ~]# nfs4_getfacl /mnt/test.txt
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

[5] Edit the ACL directly.
[root@node01 ~]# nfs4_setfacl -e /mnt/test.txt
# opens the editor set in $EDITOR (if unset, the default is [vi])
## Editing NFSv4 ACL for file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

[6] Add ACEs from a file.
# contents of [acl.txt]
A::fedora@srv.world:RX
A::redhat@srv.world:RWX

# add the ACEs from the file
[root@node01 ~]# nfs4_setfacl -A acl.txt /mnt/test.txt
[root@node01 ~]# nfs4_getfacl /mnt/test.txt
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::1000:rxtcy
A::1001:rwaxtcy
A::GROUP@:tcy
A::EVERYONE@:tcy

[7] Replace the current ACEs with new ones from a file.
# contents of [acl.txt]
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

# replace the ACL with the one in the file
[root@node01 ~]# nfs4_setfacl -S acl.txt /mnt/test.txt
[root@node01 ~]# nfs4_getfacl /mnt/test.txt
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

[8] Replace a specific ACE with a new ACE.
[root@node01 ~]# nfs4_getfacl /mnt/test.txt
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

# replace EVERYONE@'s ACE with generic read/execute
[root@node01 ~]# nfs4_setfacl -m A::EVERYONE@:tcy A::EVERYONE@:RX /mnt/test.txt
[root@node01 ~]# nfs4_getfacl /mnt/test.txt
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:rxtcy
A::EVERYONE@:rxtcy
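
An added example, not part of the original page: a shell function that reads nfs4_getfacl output and lists every Allow ACE that gives a principal other than OWNER@ a modifying permission, as a review step after the changes in [4] to [8]. The function names, the staff@srv.world principal and the /mnt/testdir entries in the sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page).
# audit_nfs4_acl reads nfs4_getfacl output on stdin and prints one
# tab-separated line (file, principal, letters) for every Allow ACE that
# gives a principal other than OWNER@ a modifying permission:
#   w write  a append  d delete  D delete-child  T write-attrs
#   N write-named-attrs  C write-ACL  o write-owner  (W = generic-write alias)
# It lists candidates for review only; Deny ACEs and ACE order are not evaluated.
audit_nfs4_acl() {
    awk '
        /^# file: /     { file = substr($0, 9); next }  # path header
        /^#/ || NF == 0 { next }                        # comments, blank lines
        {
            # (ACE Type):(ACE Flags):(ACE Principal):(ACE Permissions)
            if (split($0, ace, ":") != 4) next
            if (ace[1] != "A" || ace[3] == "OWNER@") next
            risky = ace[4]
            gsub(/[^waDdTNCoW]/, "", risky)             # keep modifying letters only
            if (risky != "") printf "%s\t%s\t%s\n", file, ace[3], risky
        }'
}

# Constructed sample: the first ACL matches the output shown in step [6]; the
# /mnt/testdir entries for staff@srv.world and EVERYONE@ are made up.
sample_acl_dump() {
    cat <<'EOF'
# file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::1000:rxtcy
A::1001:rwaxtcy
A::GROUP@:tcy
A::EVERYONE@:tcy

# file: /mnt/testdir
A::OWNER@:rwaDxtTcCy
A:fdg:staff@srv.world:rwaDxtcy
A::EVERYONE@:rwaDxtTcCy
EOF
}

sample_acl_dump | audit_nfs4_acl
```

On a client, pipe real output into the function, for example `nfs4_getfacl /mnt/test.txt | audit_nfs4_acl`. The same function can check a file such as acl.txt before it is applied with -A or -S, since the W alias is reported as well.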