ACL oddity

Steve Gaarder gaarder at math.cornell.edu
Wed Aug 15 10:55:17 EDT 2007


I have a server running Red Hat Enterprise 4, serving both NFS version 3 
and version 4.  I use ACLs to provide group access to a directory tree; 
the ACL on the root of the tree is:

# file: .
# owner: web434
# group: web434
user::rwx
group::---
group:web434:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:web434:rwx
default:mask::rwx
default:other::r-x

When a user who is a member of group web434 logs into an NFSv3 client 
(also Red Hat Enterprise 4) and creates a file, everything is fine:

# file: frobozz
# owner: gaarder
# group: web434
user::rw-
group::rwx                      #effective:rw-
group:web434:rwx                #effective:rw-
mask::rw-
other::r--

But when I do this on a machine using NFSv4 with sec=krb5 (RHEL4 again), 
this happens:

# file: foo
# owner: gaarder
# group: web434
user::rw-
group::rwx                      #effective:r--
group:web434:rwx                #effective:r--
mask::r--
other::r--

The difference is that the "mask" parameter becomes read-only, which 
shuts off write access to groups.  The umask in both cases is 022.  Ideas?

thanks,

Steve Gaarder
System Administrator, Dept of Mathematics
Cornell University, Ithaca, NY, USA
gaarder at math.cornell.edu
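
Added example, not part of the original message: a small Python model of the acl(5) rule for a file created under a directory that has a default ACL. The default entries are copied, the owner, mask and other entries are then limited to the mode passed at create time, and the umask is not consulted. It reproduces both listings above; that the second listing corresponds to a create mode with umask 022 already applied is an assumption of this example, not something the message states, and the function names are hypothetical.

```python
# Added example: models the acl(5) inheritance rule; not code from the post.
PERM = {"r": 4, "w": 2, "x": 1}

def bits(s):            # "rw-" -> 6
    return sum(PERM[c] for c in s if c != "-")

def text(n):            # 6 -> "rw-"
    return "".join(c if n & PERM[c] else "-" for c in "rwx")

# Default ACL of the directory, copied from the message.
DEFAULT_ACL = [
    ("user", "", "rwx"),
    ("group", "", "rwx"),
    ("group", "web434", "rwx"),
    ("mask", "", "rwx"),
    ("other", "", "r-x"),
]

def inherit(default_acl, mode):
    """Access ACL of a new file: default entries limited by the create mode."""
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    has_mask = any(tag == "mask" for tag, _, _ in default_acl)
    acl = []
    for tag, qual, perm in default_acl:
        p = bits(perm)
        if tag == "user" and not qual:
            p &= owner
        elif tag == "mask" or (tag == "group" and not qual and not has_mask):
            p &= group          # group bits of the mode land on the mask
        elif tag == "other":
            p &= other
        acl.append((tag, qual, p))
    return acl

def render(acl):
    """getfacl-style lines, with #effective where the mask removes bits."""
    mask = next((p for t, _, p in acl if t == "mask"), 7)
    lines = []
    for tag, qual, p in acl:
        line = f"{tag}:{qual}:{text(p)}"
        if (tag == "group" or (tag == "user" and qual)) and p & ~mask:
            line += f" #effective:{text(p & mask)}"
        lines.append(line)
    return lines

# Mode 0666 reaches the ACL code untouched (umask ignored under a default ACL).
ACL_MODE_UNMASKED = render(inherit(DEFAULT_ACL, 0o666))
# Assumption: the mode arrives with umask 022 already applied (0644).
ACL_MODE_PREMASKED = render(inherit(DEFAULT_ACL, 0o666 & ~0o022))
```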

