1. The question
I have a directory dir, which has (NFS) ACL default permissions, so that every file and folder created in it can be written by the user 1001 too by default. This directory is shared on NFS v4.
How do I make sure that every file and folder I create through NFS inherits this permission?
2. Commands I ran exactly
I ran the following commands on the NFS client side.
client@nfsclient $ nfs4_getfacl dir
# file: dir
A::OWNER@:rwaDxtTcCy
A::1001:rwaDxtcy
A::GROUP@:rxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:1001:rwaDxtcy
A:fdi:GROUP@:rxtcy
A:fdi:EVERYONE@:rxtcy
However, when I create a new file in it, its permissions don't allow user 1001 to write this file.
client@nfsclient $ touch dir/file
client@nfsclient $ nfs4_getfacl dir/file
# file: dir/file
A::OWNER@:rwatTcCy
A::1001:rtcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy
Why doesn't the user 1001 have write permission to dir/file in this case?
When I look at this same dir/file on the NFS server, the permissions somehow don't allow it to write because of the mask.
server@nfsserver $ getfacl dir/file
# file: dir/file
# owner: client
# group: client
user::rw-
user:1001:rwx #effective:r--
group::r-x #effective:r--
mask::r--
other::r--
Is there a way to make sure that on file creation the mask is correct?
3. It works on serverside
When I run the same exact commands on serverside, the default permissions are obeyed.
server@nfsserver $ getfacl dir
# file: dir
# owner: client
# group: client
user::rwx
user:1001:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:1001:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
And it creates the permissions just right.
server@nfsserver $ touch dir/file
server@nfsserver $ getfacl dir/file
# file: dir/file
# owner: server
# group: server
user::rw-
user:1001:rwx #effective:rw-
group::r-x #effective:r--
mask::rw-
other::r--
I'm using NFS v4, and ext4 filesystem.
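The `#effective` values in the two server-side `getfacl dir/file` listings are each named-user or group entry ANDed with the `mask` entry. As an added example (not part of the original post), the following Python parses `getfacl` text and reports which entries lose write access to the mask; the function names are hypothetical and the sample input is constructed from the two listings quoted above.

```python
# Constructed sample input: the two `getfacl dir/file` listings from the post
# (owner/group header lines trimmed).
CREATED_VIA_NFS = """\
# file: dir/file
user::rw-
user:1001:rwx #effective:r--
group::r-x #effective:r--
mask::r--
other::r--
"""
CREATED_ON_SERVER = """\
# file: dir/file
user::rw-
user:1001:rwx #effective:rw-
group::r-x #effective:r--
mask::rw-
other::r--
"""

def parse_acl(text):
    """Return access entries as (tag, qualifier, perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and #effective notes
        if not line or line.startswith("default:"):
            continue  # default entries only affect children, not this object
        tag, qualifier, perms = line.split(":", 2)
        entries.append((tag, qualifier, perms))
    return entries

def effective(text):
    """Map 'tag:qualifier' to effective rights (entry AND mask)."""
    entries = parse_acl(text)
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        # The mask caps named users, named groups and the owning group only.
        if mask and (tag == "group" or (tag == "user" and qualifier)):
            perms = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        result[f"{tag}:{qualifier}"] = perms
    return result

def lost_write(text):
    """Entries granted 'w' in the ACL that the mask reduces to no 'w'."""
    granted = {f"{t}:{q}": p for t, q, p in parse_acl(text)}
    return sorted(k for k, p in effective(text).items()
                  if "w" in granted[k] and "w" not in p)
```

Calling `lost_write()` on the output of `getfacl` for a freshly created file gives a quick check of whether the mask, rather than the inherited entry itself, is what removes write access.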