From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050308 Firefox/1.0.1 Description of problem: Red Hat previous patched the kernels in RHEL 3 to provide Sun-style ACL support over NFS for filesystems that support ACLs. Although the Admin Guide at: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/ch-acls.html still reports ACLs being available over NFS in RHEL4, this is not the case. After mounting an NFS mount from the remote server (that exported an ext3 filesystem with ACL support), and trying to do a setfacl command on a file, you receive an 'Operation not Supported' ACL utils are fully installed. We tried this with NFSv3 and NFSv4 to no avail. An strace of the setfacl command shows the following failure: etxattr("test", "system.posix_acl_access", 0x7fbffff390, 132) = -1 EOPNOTSUPP (Operation not supported) Doing the same operation from the server (not over nfs) returns a success as follows: getxattr("/my/test", "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x06\x00\xff\xff\xff\xff\x04\x00\x04\x00\xff\xff\xff\xff\x08\x00\x04\x000\x00\x00\x00\x10\x00\x04\x00\xff\xff\xff\xff \x00\x04\x00\xff\xff\xff\xff", 132) = 44 We are exporting the filesystem in /etc/exports with a line similar to the following: /my newserver.test(rw,sync,no_root_squash) The filesystem on the NFS server with the following fstab line: /dev/mapper/msa20-my /my ext3 defaults,acl,usrquota 0 0 The filesystem is mounted on the client using the following fstab line: newserver.test:/my /my nfs timeo=14,rsize=8192,wsize=8192,intr,hard,nfsvers=3,tcp 0 0 Looking at the source RPM for the Red Hat EL 4 kernel, it looks like the patches for ACL support over NFS are not included. We have verified this on RHEL AS4 i686, RHEL AS4 x86_64, and from mounting an NFS mount from a RHEL AS4 i686 server on a RHEL AS3 i686 server. Mounting NFS shares from a RHEL AS3 Server to another RHEL AS3 server works properly. Version-Release number of selected component (if applicable): Kernel 2.6.9-5.0.3 How reproducible: Always Steps to Reproduce: 1. Export a Ext3 Filesystem with ACL Support using NFS 2. Mount the filesystem on another RHEL 4 server 3. Try setfacl on a file on the nfs mount from the client Actual Results: Receive an 'Operation not Permitted" from RHEL Expected Results: System changes ACLs on remote resource Additional info:
We see this too, I've just reported it via Web Support as Service Request 521464
Extract from my Support Request: ------------EXTRACT------------------- I have finally managed to confirm that there is no NFS V3 ACL support in RHEL4 GA release. This code has subsequently undergone refinement with a view to re-integration In addition the NFS V4 code has undergone a number of fixes since GA release to cover various issues. Although the code changes covering the above have been tested there is no date yet as to when they will be merged, or of when they will be released, but given current release cycles the earliest they are likely to appear is Update 2 which is probably on a September timeframe. ---------END EXTRACT------------------ I've just pleaded for an accelerated timescale based on the fact this wasn't mentioned as absent in the release notes and hence was expected to be included.
*** Bug 158838 has been marked as a duplicate of this bug. ***
I am experiencing the same. I'm running the newest RHEL4 all updates applied. does anyone know the status of this? Is it not solved yet?
Created attachment 116511 [details] Proposed patch Here is the proposed patch that will add ACL support to NFS in RHEL4 kernels. Unfortunately our QA group will not have the cycles to test this so it will not be in the U2 release. With that said, I would still like to get this code tested. So I'm hopeful, through the "hot-fix" channel, I will be able to make a patched kernel available. Also, if anybody has some good ACL tests that they would like to be included into our test, please make them available.
Sorry for the late reply. Sorry, but I'm unable to test the patch right now. I'll try it the next time I get to play with fileservers not i production. Is it correct to interpret this as to expect ACL suport in NFS no sooner than RHEL4 upd 3? Or will it be available in one of the first kernel updates after the RHEL4 upd 2 release?
I am astounded that this omission is still present so many months after the release of RHEL4. ACLs are important to me for delegating responsibility for file modifications. ACL support that doesn't even work over NFS is not of any use, since we have a _system_ not just a single computer on which everyone works and all websites live! Please get ACL over NFS working _soon_ and out into the RHN updates. Having paid for the service of a supposedly working system and updates, I really don't want to have to get into testing patches (though it's nice they're there for anyone wanting a quick solution to the problem). [Can I really be unusual in finding this a big problem? I'd have thought almost any system of more than a few computers would desire both NFS and ACL, unless so large as to be using a distributed filesystem.]
I don't think you are unusual. We have an existing NFS infrastructure which needs ACLs (having only unix permissions is a real drag) - we're now looking at providing an AFS infrastructure because ACLs over that are independent of anything RH provides!!! (Incidentally, once U2 comes out, we'll be able to request a "hotfix" kernel for this issue from our support rep)
In response to Nathaniel Taylor: > (though it's nice > they're there for anyone wanting a quick solution to the problem). Perhaps a quicker and cheaper solution for you use to use the free Fedora releases . That is probably a quicker way still for you to get ACLs working over nfs, and will certainly save you money. In my experience, bugs are also fixed faster in Fedora than in the enterprise linux. Go figure. I don't understand.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0061.html
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0132.html
*** Bug 184410 has been marked as a duplicate of this bug. ***