Bug 151549 - RHEL 4 Kernel does not provide ACL support over NFS
RHEL 4 Kernel does not provide ACL support over NFS
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steve Dickson
Brian Brock
:
Depends On:
Blocks: 168429 172741 173386
  Show dependency treegraph
 
Reported: 2005-03-19 01:38 EST by James Cooley
Modified: 2007-11-30 17:07 EST (History)
10 users (show)

See Also:
Fixed In Version: RHSA-2006-0132
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-07 13:47:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch (85.94 KB, patch)
2005-07-08 08:59 EDT, Steve Dickson
no flags Details | Diff

  None (edit)
Description James Cooley 2005-03-19 01:38:29 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050308 Firefox/1.0.1

Description of problem:

Red Hat previous patched the kernels in RHEL 3 to provide Sun-style ACL support over NFS for filesystems that support ACLs.

Although the Admin Guide at: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/ch-acls.html

still reports ACLs being available over NFS in RHEL4, this is not the case.

After mounting an NFS mount from the remote server (that exported an ext3 filesystem with ACL support), and trying to do a setfacl command on a file, you receive an 'Operation not Supported'


ACL utils are fully installed.  We tried this with NFSv3 and NFSv4 to no avail.


An strace of the setfacl command shows the following failure:

etxattr("test", "system.posix_acl_access", 0x7fbffff390, 132) = -1 
EOPNOTSUPP (Operation not supported)

Doing the same operation from the server (not over nfs) returns a success as follows:
getxattr("/my/test", "system.posix_acl_access", 
"\x02\x00\x00\x00\x01\x00\x06\x00\xff\xff\xff\xff\x04\x00\x04\x00\xff\xff\xff\xff\x08\x00\x04\x000\x00\x00\x00\x10\x00\x04\x00\xff\xff\xff\xff
\x00\x04\x00\xff\xff\xff\xff", 132) = 44


We are exporting the filesystem in /etc/exports with a line similar to 
the following:

/my newserver.test(rw,sync,no_root_squash)



The filesystem on the NFS server with the following fstab line:

/dev/mapper/msa20-my   /my    ext3 defaults,acl,usrquota 0 0




The filesystem is mounted on the client using the following fstab line:

newserver.test:/my /my nfs 
timeo=14,rsize=8192,wsize=8192,intr,hard,nfsvers=3,tcp 0 0

Looking at the source RPM for the Red Hat EL 4 kernel, it looks like the patches for ACL support over NFS are not included.


We have verified this on RHEL AS4 i686, RHEL AS4 x86_64, and from mounting an NFS mount from a RHEL AS4 i686 server on a RHEL AS3 i686 server.  Mounting NFS shares from a RHEL AS3 Server to another RHEL AS3 server works properly.


Version-Release number of selected component (if applicable):
Kernel 2.6.9-5.0.3

How reproducible:
Always

Steps to Reproduce:
1.  Export a Ext3 Filesystem with ACL Support using NFS
2.  Mount the filesystem on another RHEL 4 server 
3.  Try setfacl on a file on the nfs mount from the client


Actual Results:  
Receive an 'Operation not Permitted" from RHEL  

Expected Results:  
System changes ACLs on remote resource

Additional info:
Comment 2 Sam Sharpe 2005-04-01 10:41:43 EST
We see this too, I've just reported it via Web Support as Service Request 521464
Comment 3 Sam Sharpe 2005-04-04 11:17:05 EDT
Extract from my Support Request:
------------EXTRACT-------------------
I have finally managed to confirm that there is no NFS V3 ACL support in RHEL4
GA release. This code has subsequently undergone refinement with a view to
re-integration In addition the NFS V4 code has undergone a number of fixes since
GA release to cover various issues.

Although the code changes covering the above have been tested there is no date
yet as to when they will be merged, or of when they will be released, but given
current release cycles the earliest they are likely to appear is Update 2 which
is probably on a September timeframe.
---------END EXTRACT------------------

I've just pleaded for an accelerated timescale based on the fact this wasn't
mentioned as absent in the release notes and hence was expected to be included.
Comment 4 Steve Dickson 2005-06-21 05:53:42 EDT
*** Bug 158838 has been marked as a duplicate of this bug. ***
Comment 9 Mikael M. Hansen 2005-07-08 08:36:11 EDT
I am experiencing the same. I'm running the newest RHEL4 all updates applied.
does anyone know the status of this? Is it not solved yet?
Comment 10 Steve Dickson 2005-07-08 08:59:56 EDT
Created attachment 116511 [details]
Proposed patch

Here is the proposed patch that will add ACL support to NFS
in RHEL4 kernels. Unfortunately our QA group will not have
the cycles to test this so it will not be in the U2 release.

With that said, I would still like to get this code tested. So
I'm hopeful, through the "hot-fix" channel,  I will be able
to make a patched kernel available.

Also, if anybody has some good ACL tests that they
would like to be included into our test, please make them
available.
Comment 11 Mikael M. Hansen 2005-08-01 06:57:38 EDT
Sorry for the late reply.

Sorry, but I'm unable to test the patch right now. I'll try it the next time I
get to play with fileservers not i production.

Is it correct to interpret this as to expect ACL suport in NFS no sooner than
RHEL4 upd 3? Or will it be available in one of the first kernel updates after
the RHEL4 upd 2 release?
Comment 17 Nathaniel Taylor 2005-09-09 07:11:44 EDT
I am astounded that this omission is still present so many 
months after the release of RHEL4. 
 
ACLs are important to me for delegating responsibility for 
file modifications.  ACL support that doesn't even work over NFS is not 
of any use, since we have a _system_ not just a single computer on which 
everyone works and all websites live! 
 
Please get ACL over NFS working _soon_ and out into the RHN updates. 
Having paid for the service of a supposedly working system and updates, I 
really don't want to have to get into testing patches (though it's nice 
they're there for anyone wanting a quick solution to the problem). 
 
[Can I really be unusual in finding this a big problem?  I'd have thought 
almost any system of more than a few computers would desire both NFS and ACL,  
unless so large as to be using a distributed filesystem.] 
 
 
 
Comment 18 Sam Sharpe 2005-09-09 07:33:48 EDT
I don't think you are unusual. We have an existing NFS infrastructure which 
needs ACLs (having only unix permissions is a real drag) - we're now looking at 
providing an AFS infrastructure because ACLs over that are independent of 
anything RH provides!!!

(Incidentally, once U2 comes out, we'll be able to request a "hotfix" kernel 
for this issue from our support rep)
Comment 19 EE CAP Admin 2005-09-09 19:34:07 EDT
In response to Nathaniel Taylor:

> (though it's nice 
> they're there for anyone wanting a quick solution to the problem). 

Perhaps a quicker and cheaper solution for you use to use the free Fedora
releases .  That is probably a quicker way still for you to get ACLs working
over nfs, and will certainly save you money.  In my experience, bugs are also
fixed faster in Fedora than in the enterprise linux.  Go figure.  I don't
understand.
Comment 36 Red Hat Bugzilla 2006-03-07 13:02:30 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0061.html
Comment 37 Red Hat Bugzilla 2006-03-07 13:47:57 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0132.html
Comment 39 Karel Zak 2006-03-08 11:46:35 EST
*** Bug 184410 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.