NFS 4 ACL Tool2018/12/21 |
It's possible to set ACL on NFS(v4) filesystem to install NFS 4 ACL tool.
For setting ACL of XFS or ext4 filesystem, refer to here. |
|
[1] | Install NFS 4 ACL Tool on NFS clients that mounts NFS share with NFSv4. |
[root@node01 ~]# yum -y install nfs4-acl-tools
|
[2] | On this example, Configure on the environment like follows. |
[root@node01 ~]# df -hT /mnt Filesystem Type Size Used Avail Use% Mounted on dlp.srv.world:/var/lib/nfs/share nfs4 71G 1.3G 70G 2% /mnt[root@node01 ~]# ll /mnt total 4 drwx------. 2 root root 26 Dec 20 19:12 testdir -rwx------. 1 root root 10 Dec 20 19:11 test.txt |
[3] | Show ACL of a file or directory on NFSv4 filesystem. |
[root@node01 ~]# nfs4_getfacl /mnt/test.txt # file: /mnt/test.txt A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy[root@node01 ~]# nfs4_getfacl /mnt/testdir # file: /mnt/testdir A::OWNER@:rwaDxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy # each entry means like follows # ACE = Access Control Entry # (ACE Type):(ACE Flags):(ACE Principal):(ACE Permissions)
|
Description
|
[4] | Add or Delete ACE. |
[root@node01 ~]# ll /mnt total 4 drwx------. 2 root root 26 Dec 20 19:12 testdir -rwx------. 1 root root 10 Dec 20 19:11 test.txt[root@node01 ~]# nfs4_getfacl /mnt/test.txt # file: /mnt/test.txt A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy # add generic read/execute for [cent] user to [/mnt/test.txt] file [root@node01 ~]# nfs4_setfacl -a A::cent@srv.world:rxtncy /mnt/test.txt
nfs4_getfacl /mnt/test.txt # file: /mnt/test.txt A::OWNER@:rwaxtTcCy A::1000:rxtcy A::GROUP@:tcy A::EVERYONE@:tcy # verify with [cent] user [cent@node01 ~]$ ll /mnt total 4 drwx------. 2 root root 26 Dec 21 10:12 testdir -rwxr-x---. 1 root root 10 Dec 21 10:11 test.txt
[cent@node01 ~]$ cat /mnt/test.txt test file # delete generic read/execute for [cent] user from [/mnt/test.txt] file [root@node01 ~]# nfs4_setfacl -x A::1000:rxtcy /mnt/test.txt
nfs4_getfacl /mnt/test.txt # file: /mnt/test.txt A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy |
[5] | Edit ACL directly, |
[root@node01 ~]# nfs4_setfacl -e /mnt/test.txt
# run an editor on $EDITOR (if null, default is [vi] editor)
## Editing NFSv4 ACL for file: /mnt/test.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
|
[6] | Add ACE from a file. |
A::cent@srv.world:RX A::redhat@srv.world:RWX # add ACL from the file [root@node01 ~]# nfs4_setfacl -A acl.txt /mnt/test.txt
nfs4_getfacl /mnt/test.txt # file: /mnt/test.txt A::OWNER@:rwaxtTcCy A::1000:rxtcy A::1001:rwaxtcy A::GROUP@:tcy A::EVERYONE@:tcy |
[7] | Replace current ACE to new ACE. |
A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy # replace ACL from the file [root@node01 ~]# nfs4_setfacl -S acl.txt /mnt/test.txt
nfs4_getfacl /mnt/test.txt # file: /mnt/test.txt A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy |
[8] | Replace specific ACE to new ACE. |
[root@node01 ~]# nfs4_getfacl /mnt/test.txt # file: /mnt/test.txt A::OWNER@:rwaxtTcCy A::GROUP@:tcy A::EVERYONE@:tcy # replace EVERYONE's ACE to read/execute [root@node01 ~]# nfs4_setfacl -m A::EVERYONE@:tcy A::EVERYONE@:RX /mnt/test.txt
nfs4_getfacl /mnt/test.txt # file: /mnt/test.txt A::OWNER@:rwaxtTcCy A::GROUP@:rxtcy A::EVERYONE@:rxtcy |
Sponsored Link |