The situation: I want to export a directory writable only for a group. I have created a group with the same GID on both the client (Solaris 10) and the server (Linux). On the Linux server I set the permissions and ACL this way:

```
chmod g+s /srv/nfsv4/pub
chgrp nfs-users /srv/nfsv4/pub
setfacl -d -m g:"nfs-users":rwx /srv/nfsv4/pub
setfacl -d -m o:--- /srv/nfsv4/pub
setfacl -d -m g:"nfs-users":rwx /srv/nfsv4/pub
```

I go to the Linux client, I create a file and it works fine:

```
cd /srv/nfsv4/pub
mkdir try
ls -lhd *
drwxrws---+ 1 myuser nfs-users 0 gen 12 00:43 try/
```

I export the directory for the Solaris client:

```
/srv/nfsv4 10.7.2.0/24(rw,no_subtree_check,fsid=0,sec=sys:krb5:krb5i:krb5p,acl)
/srv/nfsv4/pub 10.7.2.0/24(rw,no_subtree_check,async,root_squash,nohide,acl)
```

I mount it and I create a directory:

```
mount -F nfs -o vers=4,sec=krb5p,rw slackware1:/pub /mnt
cd /mnt
mkdir try2
ls -lhd *
drwxrws---+ 1 myuser nfs-users 0 Jan 12 00:43 try/
drwxr-s---+ 1 myuser nfs-users 0 Jan 12 00:46 try2/
```

As you can see, the write permission for the group is missing. I can "escape" this using a different umask (0002 instead of 0022), but I want to know why Solaris doesn't respect the ACL inheritance. The ACL is not correctly seen on the Solaris client (I don't see the default).

On Solaris

```
getfacl /mnt
# file: /mnt
# owner: root
# group: nfs-users
user::rwx
group::rwx #effective:rwx
mask:rwx
other:r-x
```

On Linux

```
# file: srv/nfsv4/pub/
# owner: root
# group: nfs-users
# flags: -s-
user::rwx
group::r-x
group:nfs-users:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:nfs-users:rwx
default:mask::rwx
default:other::---
```

Another solution can be to use g+ws instead of g+s for the ACL.

The question is: why doesn't Solaris correctly see the POSIX ACL?

Trying to use the NFSv4 ACL on Linux is impossible because of the lack of a decent tool to set it (nfs4_setacl works only on NFS shares, not on a local fs).
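
Added example, not part of the original question: a small Python model of the POSIX default-ACL inheritance rule described in acl(5), applied to the default ACL from the Linux `getfacl` listing above. It assumes the creating client clears its umask bits from the requested mode before the request reaches the server (consistent with the umask 0002 observation in the question); `inherit`, `effective`, `rwx` and `mkdir_mode` are hypothetical helper names, and the setgid bit is not modelled.

```python
# Model of POSIX default-ACL inheritance for a new directory (acl(5) rules).
# This default ACL is the one shown by getfacl on the Linux server above.
PARENT_DEFAULT_ACL = {
    "user::": 0o7,
    "group::": 0o5,
    "group:nfs-users": 0o7,
    "mask::": 0o7,
    "other::": 0o0,
}

def inherit(default_acl, create_mode):
    """Return (access ACL, mode bits) of an object created under default_acl.

    create_mode is the mode the file system receives. When a default ACL
    exists, the file system applies no umask of its own; it only removes
    permissions that are absent from create_mode.
    """
    acl = dict(default_acl)
    acl["user::"] &= (create_mode >> 6) & 7
    # With a mask entry present, the group class bits limit mask::, not group::
    group_class = "mask::" if "mask::" in acl else "group::"
    acl[group_class] &= (create_mode >> 3) & 7
    acl["other::"] &= create_mode & 7
    mode = (acl["user::"] << 6) | (acl[group_class] << 3) | acl["other::"]
    return acl, mode

def effective(acl, entry):
    """Effective rights of a named or owning-group entry after masking."""
    return acl[entry] & acl.get("mask::", 0o7)

def rwx(bits):
    return "".join(c if bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def mkdir_mode(client_umask):
    # Assumption: mkdir asks for 0777 and the client clears its umask bits
    # before the request reaches the server.
    return 0o777 & ~client_umask

if __name__ == "__main__":
    cases = (("no client umask", 0), ("umask 0022", 0o022), ("umask 0002", 0o002))
    for label, umask in cases:
        acl, mode = inherit(PARENT_DEFAULT_ACL, mkdir_mode(umask))
        eff = rwx(effective(acl, "group:nfs-users"))
        print(f"{label:16} mode={mode:03o} group:nfs-users effective={eff}")
```

In this model a requested mode of 0755 reduces the inherited mask to `r-x`, which gives the `rwxr-x---` bits seen on `try2/`, while 0777 or 0775 leaves the mask at `rwx` as on `try/`.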
