Bug 1342751

Summary: setfacl does not work for fuse and kernel client
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: rakesh-gm <rgowdege>
Component: DocumentationAssignee: ceph-docs <ceph-docs>
Status: CLOSED CURRENTRELEASE QA Contact: Ramakrishnan Periyasamy <rperiyas>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 2.0CC: asriram, ceph-eng-bugs, hnallurv, john.spray, kdreyer, zyan
Target Milestone: rc   
Target Release: 2.1   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
.POSIX ACL support is disabled by default in CephFS FUSE clients Support for Access Control Lists (ACL) is disabled by default for Ceph File Systems (CephFS) mounted as FUSE clients. To use the ACL feature with FUSE clients, enable it manually. For details, see the https://access.redhat.com/documentation/en/red-hat-ceph-storage/2/single/ceph-file-system-guide-technology-preview#limitations-1[Limitations] section in the https://access.redhat.com/documentation/en/red-hat-ceph-storage/2/single/ceph-file-system-guide-technology-preview[Ceph File System Guide] for Red Hat Ceph Storage 2. In addition, ACL in CephFS kernel clients is supported on Red Hat Enterprise Linux with kernel version `kernel-3.10.0-327.18.2.el7` or later.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-04 14:06:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1322504    

Description rakesh-gm 2016-06-04 17:51:03 UTC 
Description of problem:

When I try to setacls to cephfs mount of ceph-fuse and kernel-client, I see a message --  "setfacl: /home/ubuntu/myfs/: Operation not supported" 

I saw a tracker bug http://tracker.ceph.com/issues/15783, and this says that there is way to enable the ACLS. Is this the default behavior or is it something to be fixed.
Comment 2 John Spray 2016-06-08 14:13:25 UTC 
ACLs are indeed disabled by default (at least in the fuse client).  Could you test again with the settings in the referenced upstream ticket?  This will be something to document.
Comment 3 rakesh-gm 2016-06-10 13:34:10 UTC 
This has to be documented, I used the the upstream ticket as the reference and added the following in ceph.conf


[client]
        fuse_default_permission=0 
        client_acl_type=posix_acl

I then restarted the services and tried setfacls. and it did not throw any error. This is for ceph-fuse. 

Can you let me know what is for kernel client. I see the problem in kernel client too. I can test it once you let me know what is the configuration.
Comment 4 Harish NV Rao 2016-06-10 14:28:01 UTC 
setting need_info on John for clarification on kernel client (comment 3).
Comment 5 Yan, Zheng 2016-06-10 15:37:53 UTC 
Cephfs code in current RHEL kernel (up to kernel-3.10.0-418.el7)does not have ACL support.

My pending backports include ACL support.
https://bugzilla.redhat.com/show_bug.cgi?id=1340782
Comment 7 Yan, Zheng 2016-07-01 02:55:33 UTC 
The ACL support patches have been merged into RHEL7 kernel. (since kernel-3.10.0-448.el7)
Comment 8 Yan, Zheng 2016-07-01 02:56:59 UTC 
BZ for the backport:

https://bugzilla.redhat.com/show_bug.cgi?id=1344930
Comment 14 John Spray 2016-08-12 12:37:02 UTC 
Looks fine to me, it might be worth clarifying that the kernel version is RHEL-specific (people use RHCS on other distros too, and their 3.10.x might be higher numbered but not have the support).