+++ This bug was initially created as a clone of Bug #1226807 +++ Description of problem: Ganesha caches the ACLs for a directory too long, needs some re-validation or something. nfs4_setfacl will fails due to that. but succeeds when nfs-ganesha is restarted or when there is a sufficient delay. Version-Release number of selected component (if applicable): mainline How reproducible: always Steps to Reproduce: 1.Create and start a volume 2.Export a volume using nfs-ganesha 3.Create any user(user1) and group(group1) in the server and client 4.Mount the volume using nfs4 protocol 5.create directory at mount point : mkdir src 6.set acl(default acl for directory) using nfs4_setfacl on src: nfs4_setfacl -a A:gdf:group1:RWX src Actual results: nfs4_setfacl fails, but succeeds when there is a sufficient delay or when ganesha is restarted. Expected results: nfs4_setfacl should succeed Additional info: The POSIX ACLs on the brick are set correctly. May be need to invalidate the dentry.
This is a known issue , should be fixed in next release.
It is related to access control translator in gluster code, when an acl is set on directory , it update the in memory context of access control translator. A simple workaround for this issue is perform 'ls' on the directory after setting the acl.
The patch is posted at https://code.engineering.redhat.com/gerrit/#/c/52284/
This one fixed is in https://code.engineering.redhat.com/gerrit/#/c/52284/
nfs4_setfacl succeeds. Output: # mkdir /mnt/vol5/src1 # nfs4_setfacl -a A:gdf:acl_group.blr.redhat.com:RWX /mnt/vol5/src1 # nfs4_getfacl /mnt/vol5/src1/ A::OWNER@:rwaDxtTcCy A::GROUP@:rxtcy A:g:acl_group.blr.redhat.com:rwaDxtcy A::EVERYONE@:rxtcy A:fdi:OWNER@:tcy A:fdi:GROUP@:tcy A:fdig:acl_group.blr.redhat.com:rwaDxtcy A:fdi:EVERYONE@:tcy
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html