Monday, October 6, 2014

linux - NFSv3 + ACL: mask is gone on clients

I'm sharing an NFS folder among a user group. The default umask on the clients is 0700, and this is a problem because newly created files won't be readable/writable by other users.

So, I'm using ACLs to force the umask 0770 on the shared folder, and this works OK on the server, but not on the clients.

server # getfacl /export/proyectos
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: export/proyectos
# owner: root
# group: root
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::r-x

server # getfacl /export/proyectos/innovacion
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: export/proyectos/innovacion
# owner: root
# group: proyecto-innovacion
# flags: ss-
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---


As you can see, the default mask ACLs (and also a specific one on the second directory) are being applied.

I mount the whole share on the client:

172.16.54.56:/export/proyectos on /proyectos type nfs (rw,noatime,rsize=131072,wsize=131072,acregmin=10,acl,nfsvers=3,addr=172.16.54.56)

But the mask and default:mask ACLs are gone.

client $ getfacl /proyectos/
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: proyectos/
# owner: root
# group: root
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

client $ getfacl /proyectos/innovacion
getfacl: Eliminando «/» inicial en nombres de ruta absolutos
# file: proyectos/innovacion
# owner: root
# group: proyecto-innovacion
# flags: ss-
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

It lacks the default:mask and mask ACLs, the only ones that I've set. So the proposed solution to enforce umask won't work for me. Why is this happening?
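To judge what the missing mask entry actually changes, the following added script (not part of the post) computes, from the getfacl listings quoted above, the rights the owning group effectively holds and the group rights a new file inherits under the default ACL, following the acl(5) rules: group:: is ANDed with mask:: when a mask entry exists, and a directory's default ACL (not the umask) is ANDed with the create mode when a default ACL is present. The two listings are embedded as constructed strings; run it against a live `getfacl` output to compare server and client views of the same directory.

```shell
#!/bin/sh
# Added example: effective/inherited group rights from getfacl output (acl(5)).
# Constructed samples: the server and client listings of /export/proyectos/innovacion.
SERVER_ACL='user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---'
CLIENT_ACL='user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---'

# acl_entry LISTING TAG -> rwx string of the "TAG::" entry, empty if absent
acl_entry() {
    printf '%s\n' "$1" | awk -v tag="$2::" 'index($0, tag) == 1 { sub(/^.*::/, ""); print; exit }'
}

# perm_and A B -> character-wise AND of two rwx strings (rwx & r-x -> r-x)
perm_and() {
    out=""
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c"$i"); b=$(printf '%s' "$2" | cut -c"$i")
        if [ "$a" = "$b" ]; then out="$out$a"; else out="$out-"; fi
    done
    printf '%s' "$out"
}

# effective_group LISTING [default:] -> rights the owning group really gets:
# group:: ANDed with mask:: if a mask entry exists, group:: alone otherwise
effective_group() {
    g=$(acl_entry "$1" "${2}group"); m=$(acl_entry "$1" "${2}mask")
    [ -n "$m" ] || m="rwx"
    perm_and "$g" "$m"
}

# inherited_group LISTING MODE_GROUP -> group rights of a file created in a
# directory with this default ACL: the default entries become the access ACL,
# then the create mode's group bits cap mask:: (or group:: when no mask exists)
inherited_group() {
    perm_and "$(effective_group "$1" default:)" "$2"
}

echo "server, effective group rights on dir: $(effective_group "$SERVER_ACL")"
echo "client, effective group rights on dir: $(effective_group "$CLIENT_ACL")"
echo "new file created with group bits rw-, server ACL: $(inherited_group "$SERVER_ACL" rw-)"
echo "new file created with group bits rw-, client ACL: $(inherited_group "$CLIENT_ACL" rw-)"
```

With no named user or group entries in the ACL, both views yield the same effective rights, so the vanished mask entry by itself does not explain files losing group access; the mode the client passes at create time is what to inspect next.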
