+++ This bug was initially created as a clone of Bug #1226802 +++

Description of problem:
Files created in a directory that should inherit ACLs are not working for group write-permissions. That is, specific users in the group cannot write into the file even if they have nfs4_acl permission.

Version-Release number of selected component (if applicable):
mainline

How reproducible:
always

Steps to Reproduce:
1. Create and start a volume
2. Export a volume using nfs-ganesha
3. Create any user (user1) and group (group1) in the server and client
4. Mount the volume using nfs4 protocol
5. Create a directory at the mount point:
   mkdir src
6. Set the inherit ACL (default ACL for directory) using nfs4_setfacl on src:
   nfs4_setfacl -a A:gdf:group1:RWX src
7. Try to write into a "file" inside src using user1:
   su -c "/bin/echo 'Hello world' > src/file" user1

Actual results:
write fails for the file

Expected results:
write should succeed.

Additional info:
In the case of kernel nfs it is working properly. The posix ACL set on the backend is the same in both cases. But nfs4_acl for nfs-ganesha and kernel nfs is a little bit different.

--- Additional comment from Jiffin on 2015-06-09 02:09:00 EDT ---

In the nfs4_acl <-> posix_acl conversion, the ACL entry EVERYONE should be considered for all other entries. The fix for this has been sent to ganesha upstream:
https://review.gerrithub.io/#/c/235200/
1. create a directory after mounting the volume with vers=4

# mkdir /export/mnt1/vol4/acl_user1_dir7
# nfs4_getfacl /export/mnt1/vol4/acl_user1_dir7
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A::EVERYONE@:rxtcy

2. set the inherit acl

# nfs4_setfacl -a "A:gdf:acl_group.blr.redhat.com:rwx" /export/mnt1/vol4/acl_user1_dir7
# nfs4_getfacl /export/mnt1/vol4/acl_user1_dir7
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A:g:acl_group.blr.redhat.com:rwaDxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:tcy
A:fdi:GROUP@:tcy
A:fdig:acl_group.blr.redhat.com:rwaDxtcy
A:fdi:EVERYONE@:tcy

3. try to write to a file inside the directory of consideration.

# su -c "/bin/echo 'hello world' > /export/mnt1/vol4/acl_user1_dir7/file1" acl_user1
# cat /export/mnt1/vol4/acl_user1_dir7/file1
hello world
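
Added example, not part of the bug report or of nfs-ganesha: a small checker that parses the nfs4_getfacl output shown in the verification steps, derives the ACEs a new file should inherit, and confirms that a member of the named group gets write access. The function names are hypothetical, and the evaluation is a simplified assumption (first matching ACE per permission bit, no mode or umask interaction).

```python
from typing import NamedTuple

# nfs4_getfacl output for the directory, copied from the verification steps above.
DIR_ACL = """\
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A:g:acl_group.blr.redhat.com:rwaDxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:tcy
A:fdi:GROUP@:tcy
A:fdig:acl_group.blr.redhat.com:rwaDxtcy
A:fdi:EVERYONE@:tcy
"""

class Ace(NamedTuple):
    type: str        # A = allow, D = deny
    flags: str       # f/d/i/n = inheritance flags, g = principal is a group
    principal: str
    perms: str

def parse_acl(text):
    """Parse 'type:flags:principal:permissions' lines as printed by nfs4_getfacl."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ace_type, flags, principal, perms = line.split(":", 3)
        aces.append(Ace(ace_type, flags, principal, perms))
    return aces

def inherited_by_file(dir_aces):
    """ACEs a new file receives: those flagged 'f', with inheritance flags cleared."""
    return [a._replace(flags="".join(c for c in a.flags if c not in "fdin"))
            for a in dir_aces if "f" in a.flags]

def allows(aces, perm, user_groups, is_owner=False, in_owning_group=False):
    """Simplified model: the first applicable ACE naming the permission decides."""
    for a in aces:
        applies = (a.principal == "EVERYONE@"
                   or (a.principal == "OWNER@" and is_owner)
                   or (a.principal == "GROUP@" and in_owning_group)
                   or ("g" in a.flags and a.principal in user_groups))
        if applies and perm in a.perms:
            return a.type == "A"
    return False  # no applicable ACE mentions the permission: denied
```

Running the same check against the ACL reported by nfs4_getfacl on the newly created file shows whether the server actually propagated the group ACE.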
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html