0

I want a small local filesystem to use for testing the NFSv4 ACL logic that I am using with a proprietary filesystem. Ideally it wouldn't actually be using NFS, because exporting and mounting from the server is more effort than using a local filesystem.

It seems that, even if though NFS servers (such as the built-in kernel server) support these ACLs, the underlying filesystem also has to support these ACLs for it to work.

From my research:

  • ext* filesystems do not support NFSv4 ACLs
  • xfs does not
  • openzfs only supports these ACLs on FreeBSD, not Linux
  • Technically LizardFS does support the ACLs, but it's effectively deprecated and removed from typical package repositories.

So, is there any filesystem I can use for testing these ACLs on Linux?

Improve this question
4
  • But as far as I know, the Linux NFS kernel server doesn't actually support NFSv4 style ACLs (i.e. there's no support for enforcing them)... the filesystem is of little relevance given that both ACL styles are stored as xattrs. Commented Nov 10 at 8:42
  • Some OSes maintain kernel patches to bring some level of NFSv4-like ACL support. IIRC, opensuse used to. Don't know if they still do. TrueNAS does. In any case, those are really a bit of mess and often don't work well with Unix permission domain. You'll find variation between Unices. Best avoid those if you can IMO. Commented Nov 10 at 17:24
  • So, if you want to test, you can try TrueNAS which will use ZFS and some level of support in the kernel. You can also look for "RichACL" which is or was a name for an effort to bring those to Linux. Commented Nov 10 at 17:26
  • Sorry I meant s/Unix permission \Kdomain/model/ or rather s/Unix \Kpermission domain/security model/ above. Commented Nov 11 at 11:25

1 Answer 1

Reset to default
0

openSUSE Leap and SUSE Linux Enterprise Server (SLES) support NFSv4 ACL, but you need to make some careful preparations. NFSv4 ACL is not POSIX-compatible. You need to use ZFS as filesystem for the NFS. VxFS (Veritas File System) would also work, but it's commercial and proprietary.

openSUSE Leap: https://doc.opensuse.org/documentation/leap/reference/html/book-reference/cha-nfs.html#nfs4-acls

SLES: https://documentation.suse.com/sles/15-SP6/html/SLES-all/cha-nfs.html#nfs4-acls

Regarding SUSE:

It is not supported to mount NFS volumes locally on the exporting NFS server.

PS if you want to have full compatibility, you should look for FreeBSD, illumos or TrueNAS CORE

Improve this answer
3
  • But as the provided link says: "These commands are effective only if the file system on the NFS server provides full support for NFSv4 ACL". OpenZFS does not support this type of ACLs on Linux: openzfs.github.io/openzfs-docs/man/v2.0/8/…. Commented Nov 11 at 11:22
  • full compatibility does not mean much. There's a lot a leeway in the NFSv4 specification and a lot of variations between implementations. TrueNAS CORE AFAIK is based on FreeBSD and on its way out. TrueNAS SCALE, now TrueNAS, though they keep changing the name, as I mentioned in comment to the question is now Debian based with a patched Linux kernel with some NFSv4-like ACL support. Commented Nov 11 at 11:23
  • @Migwell the filesystem supports it, but the Linux kernel doesn't support it. That's a difference. The package nfs4-acl-tools provides support for that, bypassing that limitation. Commented Nov 12 at 13:00

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.