Description of problem: Despite backend filesystems on bricks being mounted with ACL support and having POSIX ACLs applied to files and directories via clients using the Gluster fuse client the permissions are not reflected on an NFS client, nor can they be set via an NFS client. Version-Release number of selected component (if applicable): 3.4beta1, 3.4alpha3, 3.4alpha2 How reproducible: 100% Steps to Reproduce: 1. Spin up 2 bricks in replica mode, start a volume 2. Mount volume via Gluster fuse client (with -o acl), set ACLs on test file using setfacl, verify with getfacl 3. Verify extended permissions are present on brick file systems 4. Mount volume via NFS client (with -o acl), list files permissions via ls -la or getfacl Actual results: POSIX ACLs are not displayed with ls -la getfacl returns invalid argument when querying a file with ACLs. Expected results: ls -la displays files with + to indicate presence of POSIX ACLs getfacl displays extended ACL detail Additional info: # The server [jim@webcontent07 ~]$ rpm -qa | grep gluster glusterfs-fuse-3.4.0-0.1.beta1.el6.x86_64 glusterfs-3.4.0-0.1.beta1.el6.x86_64 glusterfs-server-3.4.0-0.1.beta1.el6.x86_64 [jim@webcontent07 ~]$ sudo gluster volume create testvol replica 2 webcontent07.in.pri.arc.pun.net:/exports/testvol webcontent08.in.pri.arc.pun.net:/exports/testvol volume create: testvol: success: please start the volume to access data [jim@webcontent07 ~]$ sudo gluster volume start testvol volume start: testvol: success # On the client [jim@puppet glustertest]$ rpm -qa | grep gluster glusterfs-3.4.0-0.4.beta1.el6.x86_64 glusterfs-fuse-3.4.0-0.4.beta1.el6.x86_64 [jim@puppet glustertest]$ mkdir gluster [jim@puppet glustertest]$ mkdir nfs [jim@puppet glustertest]$ sudo mount -t glusterfs -o acl webcontent07:/testvol gluster/ [jim@puppet glustertest]$ sudo mount -t nfs -o vers=3,acl webcontent07:/testvol nfs/ # Create testfile [jim@puppet glustertest]$ sudo touch gluster/testfile # Verify file exists [jim@puppet glustertest]$ ls -la gluster drwxr-xr-x 3 root root 4096 May 13 15:08 . drwxrwxr-x 4 jim jim 4096 May 13 15:06 .. -rw-r--r-- 1 root root 0 May 13 15:08 gluster/testfile [jim@puppet glustertest]$ ls -la nfs total 8 drwxr-xr-x 3 root root 4096 May 13 15:08 . drwxrwxr-x 4 jim jim 4096 May 13 15:06 .. -rw-r--r-- 1 root root 0 May 13 15:08 testfile # Verify file exists on server [jim@webcontent07 ~]$ ls -la /exports/testvol/ total 16 drwxr-xr-x 3 root root 4096 May 13 15:08 . drwxr-xr-x 8 root root 4096 May 13 15:05 .. drw------- 5 root root 4096 May 13 15:08 .glusterfs -rw-r--r-- 2 root root 0 May 13 15:08 testfile # Set some extended ACLs [jim@puppet glustertest]$ sudo setfacl -R -m g:apache:rwx gluster/testfile # Verify extended ACLs via gluster client [jim@puppet glustertest]$ ls -la gluster/ total 8 drwxr-xr-x 3 root root 4096 May 13 15:08 . drwxrwxr-x 4 jim jim 4096 May 13 15:06 .. -rw-rwxr--+ 1 root root 0 May 13 15:08 testfile [jim@puppet glustertest]$ getfacl gluster/testfile # file: gluster/testfile # owner: root # group: root user::rw- group::r-- group:apache:rwx mask::rwx other::r-- # Verify ACLs on server [jim@webcontent07 ~]$ ls -la /exports/testvol/ total 16 drwxr-xr-x 3 root root 4096 May 13 15:08 . drwxr-xr-x 8 root root 4096 May 13 15:05 .. drw------- 5 root root 4096 May 13 15:08 .glusterfs -rw-rwxr--+ 2 root root 0 May 13 15:08 testfile # Verify ACLs via NFS [jim@puppet glustertest]$ ls -la nfs/ total 8 drwxr-xr-x 3 root root 4096 May 13 15:08 . drwxrwxr-x 4 jim jim 4096 May 13 15:06 .. -rw-rwxr-- 1 root root 0 May 13 15:08 testfile [jim@puppet glustertest]$ getfacl nfs/testfile getfacl: nfs/testfile: Invalid argument
On debian based, the problem is reversed on 3.4 stable. On Nfs3(mounted with acl) we can see the acl on files, and via gluster fuse client : acl on files do not appear.
This is also the case with the release version in the yum repository for CentOS. It works properly with FUSE, does not work with NFSv3. [root@node003 ~]# rpm -qa | grep gluster glusterfs-libs-3.4.0-8.el6.x86_64 glusterfs-server-3.4.0-8.el6.x86_64 glusterfs-3.4.0-8.el6.x86_64 glusterfs-cli-3.4.0-8.el6.x86_64 glusterfs-fuse-3.4.0-8.el6.x86_64 [root@node003 ~]# [root@node003 ~]# mount -t nfs -o vers=3,acl,tcp,noatime node000:/test-data /mnt/test-data-nfs [ctn@node003 test-data-nfs]$ getfacl * getfacl: original: Invalid argument getfacl: testing: Invalid argument [ctn@node003 test-data-nfs]$ ls original/ testing/ [ctn@node003 test-data-nfs]$ getfacl * getfacl: original: Invalid argument getfacl: testing: Invalid argument
Can you please confirm it on the latest GlusterFS mainline release?
GlusterFS 3.7.0 has been released (http://www.gluster.org/pipermail/gluster-users/2015-May/021901.html), and the Gluster project maintains N-2 supported releases. The last two releases before 3.7 are still maintained, at the moment these are 3.6 and 3.5. This bug has been filed against the 3,4 release, and will not get fixed in a 3.4 version any more. Please verify if newer versions are affected with the reported problem. If that is the case, update the bug with a note, and update the version if you can. In case updating the version is not possible, leave a comment in this bug report with the version you tested, and set the "Need additional information the selected bugs from" below the comment box to "bugs". If there is no response by the end of the month, this bug will get automatically closed.
GlusterFS 3.4.x has reached end-of-life. If this bug still exists in a later release please reopen this and change the version or open a new bug.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days