nfs-ganesha 4.0.1 + ceph 16.2.6 + ACL

[amartel]

I'm very interested with nfs-ganesha v4 and the full support of posix acl in ceph fsal. I tried v4.0.1 on CentOS 8 (stream) but I still have trouble with ACL support when using CEPH FSAL. As samba provides this functionality, I looked into the samba source code and found additional instruction when setting up a CEPHFS share:

source3/modules/vfs_ceph.c, line 123:

	/* libcephfs disables POSIX ACL support by default, enable it... */
	ret = ceph_conf_set(cmount, "client_acl_type", "posix_acl");
	if (ret 
So, I added the following lines in src/FSAL/FSAL_CEPH/main.c at line 450 and build nfs-ganesha:
        ceph_status = ceph_conf_set(export->cmount, "client_acl_type", "posix_acl");
        if (ceph_status 
It seems to do the job (ie: POSIX ACLs are now working as expected) but I don't know if my initial problem was related to CEPH v16 (pacific), nor if my "patch" is appropriate (nfs-ganesha is quite complex)...

[ffilz]

Please submit a patch via gerrithub as documented in src/CONTRIBUTING_HOWTO.txt

[Keeper-of-the-Keys]

Is this related to https://github.com/nfs-ganesha/nfs-ganesha/issues/518 ?

[ffilz]

Is this related to #518 ?

Tangentially. FSAL_CEPH is hooked up for POSIX ACLs but it seems that some bits are missing.

FSAL_VFS is not at all hooked up to POSIX ACLs.

[nakermann1973]

Thanks for the patch. I have tested and it works for me for files in cephfs, but not for directories:

$ sudo nfs4_getfacl /mnt/ceph/tmp/logs/osd.log 
# file: /mnt/ceph/tmp/logs/osd.log
D::OWNER@:x
A::OWNER@:rwatTcCy
A::1001:rtcy
A::GROUP@:rtcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy

$ sudo nfs4_getfacl /mnt/ceph/tmp/logs
Operation to request attribute not supported: /mnt/ceph/tmp/logs

It also shows the A::GROUP@:rtcy acl duplicated.

Any ideas on either of these issues?

---

• NFS-Ganesha Release = V4.0 (based on https://download.nfs-ganesha.org/4/4.0/CentOS/)
• ceph image quay.io/ceph/daemon:v6.0.7-stable-6.0-pacific-centos-stream8
• ceph version: ceph version 16.2.7 (dd0603118f56ab514f133c8d2e3adfc983942503) pacific (stable)

[ffilz]

V4.3 has been tagged with a fix for this issue. Closing as resolved.

[nakermann1973]

I don't see any recent changes in https://github.com/nfs-ganesha/nfs-ganesha/commits/next/src/FSAL/FSAL_CEPH/main.c which suggest this has been fixed. Can you point me to the patch?

[ffilz]

I don't see any recent changes in https://github.com/nfs-ganesha/nfs-ganesha/commits/next/src/FSAL/FSAL_CEPH/main.c which suggest this has been fixed. Can you point me to the patch?

There is an overwhelming number of issues that have gone stale. I have been bulk closing issues where there was some mention of a fix as having a fix available. Other issues that don't have recent activity are also being closed. Reasons for closure might not be precise...

If there's really something along this line that still needs addressing, might I suggest a new github issue clearly stating the issue, however, we can continue with this issue if strongly desired.

That said, I'm not sure what level of investment the small number of folks actively working on Ganesha have in ACLs, which ultimately is part of why this issue went so stale.

I'll re-open this for now.

[ffilz]

Proposed fix:

https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/552330

[ffilz]

V5.0 has been released. Closing.