NFSv3 + ACL: mask is gone on clients

Posted by Jorge Suárez de Lis on Server Fault See other posts from Server Fault or by Jorge Suárez de Lis
Published on 2012-08-30T11:36:18Z Indexed on 2012/08/31 9:40 UTC
Read the original article Hit count: 402

Filed under:
|
|
|
|

I'm sharing a NFS folder among a user group. The default umask on the clients is 0700, and this is a problem because newly created files won't be readable/writable by another users.

So, I'm using ACLs to force the umask 0770 on the shared folder, and this works OK on the server, but not on the clients.

server # getfacl /export/proyectos
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: export/proyectos
# owner: root
# group: root
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::r-x

server # getfacl /export/proyectos/innovacion
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: export/proyectos/innovacion
# owner: root
# group: proyecto-innovacion
# flags: ss-
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---

As you see, the default (and also a specific on the second directory) mask ACLs are being applied.

I mount the whole share on the client:

172.16.54.56:/export/proyectos on /proyectos type nfs (rw,noatime,rsize=131072,wsize=131072,acregmin=10,acl,nfsvers=3,addr=172.16.54.56)

But the mask and default:mask ACLs are gone.

client $ getfacl /proyectos/
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: proyectos/
# owner: root
# group: root
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

client $ getfacl /proyectos/innovacion
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: proyectos/innovacion
# owner: root
# group: proyecto-innovacion
# flags: ss-
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

It lacks the default:mask and mask ACLs, the only ones that I've setted. So the proposed solution to enforce umask won't work for me. Why is happening this?

© Server Fault or respective owner

Related posts about linux

Related posts about ubuntu