UNIX mode file permissions and NFSv4 ACLs do not work as reported in the RFC
Applies to
- NFSv4
- UNIX mode file permissions
- ONTAP 9
Issue
- When permissions are set from the client with chmod, or ACLs are set with nfs4_setfacl, the permissions displayed are not the effective permissions:
user@ubuntu:/mnt$ ls -l
-rw-r--r-- 1 user group 40960 dec 16 15:03 file.tar
user@ubuntu:/mnt$ tar tvf file.tar
drwxr-xr-x user/group 0 2022-11-15 14:57 scripts/
-rwxr-xr-x user/group 289 2021-06-16 15:55 scripts/data1.bash
-rw-r--r-- user/group 2294 2020-01-29 15:54 scripts/data2.sh
-rwxr-xr-x user/group 578 2021-07-07 11:17 scripts/collect.bash
-rwxrwxr-x user/group 1804 2018-08-22 12:39 scripts/acltest.sh
-rwxr-xr-x user/group 15647 2021-05-28 13:23 scripts/parser.py
-rwxr-xr-x user/group 3479 2021-06-17 16:56 scripts/collection_1.1.bash
-rwxr-xr-x user/group 927 2020-01-28 11:38 scripts/memory_check.bash
-rwxr-xr-x user/group 2853 2021-06-16 15:54 scripts/collection_1.0.bash
-rwxr-xr-x user/group 2108 2019-09-26 10:38 scripts/ems_logdump
-rw-r--r-- user/group 111 2021-07-02 09:36 scripts/keep.csh
user@ubuntu:/mnt$ nfs4_getfacl /mnt/file.tar
# file: /mnt/file.tar
A::OWNER@:rwatTnNcCy
A:g:GROUP@:rtncy
A::EVERYONE@:rtncy
user@ubuntu:/mnt$ nfs4_setfacl -m A:g:GROUP@:rtncy A:g:GROUP@:tcy /mnt/file.tar
user@ubuntu:/mnt$ nfs4_setfacl -m A::EVERYONE@:rtncy A::EVERYONE@:rwatTnNcy /mnt/file.tar
user@ubuntu:/mnt$ nfs4_setfacl -m A::OWNER@:rwatTnNcCy A::OWNER@:tcCy /mnt/file.tar
user@ubuntu:/mnt$ ls -la
-------rw- 1 user group 40960 dec 16 15:03 file.tar
user@ubuntu:/mnt$ nfs4_getfacl /mnt/scripts.tar
# file: /mnt/file.tar
A::OWNER@:tcCy
A:g:GROUP@:tcy
A::EVERYONE@:rwatTnNcy
user@ubuntu:/mnt$ tar tvf file.tar
drwxr-xr-x user/group 0 2022-11-15 14:57 scripts/
-rwxr-xr-x user/group 289 2021-06-16 15:55 scripts/data1.bash
-rw-r--r-- user/group 2294 2020-01-29 15:54 scripts/data2.sh
-rwxr-xr-x user/group 578 2021-07-07 11:17 scripts/collect.bash
-rwxrwxr-x user/group 1804 2018-08-22 12:39 scripts/acltest.sh
-rwxr-xr-x user/group 15647 2021-05-28 13:23 scripts/parser.py
-rwxr-xr-x user/group 3479 2021-06-17 16:56 scripts/collection_1.1.bash
-rwxr-xr-x user/group 927 2020-01-28 11:38 scripts/memory_check.bash
-rwxr-xr-x user/group 2853 2021-06-16 15:54 scripts/collection_1.0.bash
-rwxr-xr-x user/group 2108 2019-09-26 10:38 scripts/ems_logdump
-rw-r--r-- user/group 111 2021-07-02 09:36 scripts/keep.csh
- This is the expected result given the definition of EVERYONE@ in the protocol specification:
6.2.1.5.1. Discussion of EVERYONE@
It is important to note that "EVERYONE@" is not equivalent to the
UNIX "other" entity. This is because, by definition, UNIX "other"
does not include the owner or owning group of a file. "EVERYONE@"
means literally everyone, including the owner or owning group.
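- However, the output of ls does not match the effective permissions, although it should according to Sections 6.3.2 and 6.4 of the protocol definition.
- Similar behavior occurs when chmod is used to change the permissions: in this case the owner has no right to open the file according to the protocol definition, even though the output of nfs4_getfacl suggests it can: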
user@ubuntu:/mnt$ ls -l
-rw-r--r-- 1 user group 40960 dec 16 15:03 file.tar
user@ubuntu:/mnt$ chmod 006 file.tar
user@ubuntu:/mnt$ ls -l
-------rw- 1 user group 40960 dec 16 15:03 file.tar
user@ubuntu:/mnt$ nfs4_getfacl /mnt/file.tar
# file: /mnt/file.tar
A::OWNER@:tcCy
A:g:GROUP@:tcy
A::EVERYONE@:rwatTnNcy
user@ubuntu:/mnt$ tar -xf file.tar
tar: /mnt/file.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
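The difference between EVERYONE@ and UNIX "other" quoted above, as an added example that is not part of the original article: it parses the nfs4_getfacl output shown on this page, applies ordered ACE processing as the NFSv4 specification describes it, and compares the result with the classic UNIX mode check for mode 006. The function names and the is_owner / in_group flags are illustrative assumptions; the storage system's actual decision is the one shown in the sessions above.

```python
# Added example: NFSv4 ACL evaluation versus UNIX mode-bit evaluation.
# SAMPLE_ACL is copied from the nfs4_getfacl output on this page.
SAMPLE_ACL = """\
# file: /mnt/file.tar
A::OWNER@:tcCy
A:g:GROUP@:tcy
A::EVERYONE@:rwatTnNcy
"""

def parse_acl(text):
    """Parse nfs4_getfacl lines 'type:flags:principal:perms' into tuples."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and the '# file:' header
        ace_type, flags, principal, perms = line.split(":", 3)
        aces.append((ace_type, flags, principal, set(perms)))
    return aces

def acl_allows(aces, requested, is_owner, in_group):
    """Walk ACEs in order until every requested bit is allowed, or a
    matching DENY ACE covers a bit that is still undecided."""
    pending = set(requested)
    for ace_type, _flags, principal, perms in aces:
        matches = (principal == "EVERYONE@"          # includes owner and group
                   or (principal == "OWNER@" and is_owner)
                   or (principal == "GROUP@" and in_group))
        if not matches:
            continue  # named users/groups are outside this sketch
        if ace_type == "D" and pending & perms:
            return False
        if ace_type == "A":
            pending -= perms
        if not pending:
            return True
    return False  # bits that were never allowed are denied

def mode_allows(mode, want, is_owner, in_group):
    """Classic UNIX check: exactly one class applies, owner first."""
    shift = 6 if is_owner else 3 if in_group else 0
    return (mode >> shift) & 0o7 & want == want

if __name__ == "__main__":
    aces = parse_acl(SAMPLE_ACL)
    print("ACL: owner may read:", acl_allows(aces, "r", True, True))
    print("mode 006: owner may read:", mode_allows(0o006, 4, True, True))
```

The same ACL therefore reads as "owner may read" under ACE evaluation and as "owner may not read" under the mode string -------rw-, which is the mismatch this article describes.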