NFS : NFS 4 ACL Tool2023/04/25 |
It's possible to set ACL on NFS(v4) filesystem to install NFS 4 ACL tool.
Usage is mostly the same with POSIX ACL Tool. |
|
[1] | Install NFS 4 ACL Tool on NFS clients that mounts NFS share with NFSv4. |
root@node01:~# apt -y install nfs4-acl-tools
|
[2] | On this example, it shows usage examples on the environment like follows. |
root@node01:~# df -hT /mnt Filesystem Type Size Used Avail Use% Mounted on dlp.srv.world:/home/nfsshare nfs4 27G 5.6G 20G 23% /mntroot@node01:~# ll /mnt total 16 drwxr-xr-x 3 root root 4096 Apr 27 01:13 ./ drwxr-xr-x 19 root root 4096 Apr 26 05:39 ../ drwx------ 2 root root 4096 Apr 27 01:13 testdir/ -rw------- 1 root root 15 Apr 27 01:13 testfile.txt |
[3] | Show ACL of a file or directory on NFSv4 filesystem. |
root@node01:~# nfs4_getfacl /mnt/testfile.txt A::OWNER@:rwatTcCy A::GROUP@:tcy A::EVERYONE@:tcyroot@node01:~# nfs4_getfacl /mnt/testdir A::OWNER@:rwaDxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy # each entry means like follows
# ACE = Access Control Entry # (ACE Type):(ACE Flags):(ACE Principal):(ACE Permissions) |
Description
|
[4] | Add or Delete ACE. |
root@node01:~# ll /mnt total 16 drwxr-xr-x 3 root root 4096 Apr 27 01:13 ./ drwxr-xr-x 19 root root 4096 Apr 26 05:39 ../ drwx------ 2 root root 4096 Apr 27 01:13 testdir/ -rw------- 1 root root 15 Apr 27 01:13 testfile.txtroot@node01:~# nfs4_getfacl /mnt/testfile.txt A::OWNER@:rwatTcCy A::GROUP@:tcy A::EVERYONE@:tcy # add generic read/execute for [ubuntu] user to [/mnt/testfile.txt] file root@node01:~# nfs4_setfacl -a A::ubuntu@srv.world:rxtncy /mnt/testfile.txt
nfs4_getfacl /mnt/testfile.txt # file: /mnt/testfile.txt D::OWNER@:x A::OWNER@:rwatTcCy A::1000:rxtcy A::GROUP@:tcy A::EVERYONE@:tcy # verify with [ubuntu] user ubuntu@node01:~$ ll /mnt total 16 drwxr-xr-x 3 root root 4096 Apr 27 01:13 ./ drwxr-xr-x 19 root root 4096 Apr 26 05:39 ../ drwx------ 2 root root 4096 Apr 27 01:13 testdir/ -rw-r-x--- 1 root root 15 Apr 27 01:13 testfile.txt*
ubuntu@node01:~$ cat /mnt/testfile.txt test file # delete generic read/execute for [ubuntu] user from [/mnt/testfile.txt] file root@node01:~# nfs4_setfacl -x A::1000:rxtcy /mnt/testfile.txt
nfs4_getfacl /mnt/testfile.txt A::OWNER@:rwatTcCy A::GROUP@:tcy A::EVERYONE@:tcy |
[5] | Edit ACL directly. |
root@node01:~# nfs4_setfacl -e /mnt/testfile.txt
# run an editor on $EDITOR (if null, default is [vi] editor)
## Editing NFSv4 ACL for file: /mnt/testfile.txt
A::OWNER@:rwatTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
|
[6] | Add ACE from a file. |
A::ubuntu@srv.world:RX A::lunar@srv.world:RWX # add ACL from the file root@node01:~# nfs4_setfacl -A acl.txt /mnt/testfile.txt
nfs4_getfacl /mnt/testfile.txt D::OWNER@:x A::OWNER@:rwatTcCy A::1000:rxtcy A::1001:rwaxtcy A::GROUP@:tcy A::EVERYONE@:tcy |
[7] | Replace current ACE to new ACE. |
A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy # replace ACL from the file root@node01:~# nfs4_setfacl -S acl.txt /mnt/testfile.txt
nfs4_getfacl /mnt/testfile.txt A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy |
[8] | Replace specific ACE to new ACE. |
root@node01:~# nfs4_getfacl /mnt/testfile.txt A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy # replace EVERYONE's ACE to read/execute root@node01:~# nfs4_setfacl -m A::EVERYONE@:tcy A::EVERYONE@:RX /mnt/testfile.txt
nfs4_getfacl /mnt/testfile.txt A::OWNER@:rwaxtTcCy A::GROUP@:rxtcy A::EVERYONE@:rxtcy |
Sponsored Link |