
UNIX mode file permissions and NFSv4 ACLs do not work as described in the RFC

Category: ontap-9
Specialty: nas

Environment

  • NFSv4
  • UNIX mode file permissions
  • ONTAP 9

Issue

  • When permissions are set from a client with chmod, or set through an ACL with nfs4_setfacl, the permissions that are displayed are not the effective permissions.
user@ubuntu:/mnt$ ls -l
-rw-r--r--  1 user group 40960 dec 16 15:03 file.tar

user@ubuntu:/mnt$ tar tvf file.tar
drwxr-xr-x user/group   0 2022-11-15 14:57 scripts/
-rwxr-xr-x user/group  289 2021-06-16 15:55 scripts/data1.bash
-rw-r--r-- user/group  2294 2020-01-29 15:54 scripts/data2.sh
-rwxr-xr-x user/group  578 2021-07-07 11:17 scripts/collect.bash
-rwxrwxr-x user/group  1804 2018-08-22 12:39 scripts/acltest.sh
-rwxr-xr-x user/group 15647 2021-05-28 13:23 scripts/parser.py
-rwxr-xr-x user/group  3479 2021-06-17 16:56 scripts/collection_1.1.bash
-rwxr-xr-x user/group  927 2020-01-28 11:38 scripts/memory_check.bash
-rwxr-xr-x user/group  2853 2021-06-16 15:54 scripts/collection_1.0.bash
-rwxr-xr-x user/group  2108 2019-09-26 10:38 scripts/ems_logdump
-rw-r--r-- user/group  111 2021-07-02 09:36 scripts/keep.csh

user@ubuntu:/mnt$ nfs4_getfacl /mnt/file.tar
# file: /mnt/file.tar
A::OWNER@:rwatTnNcCy
A:g:GROUP@:rtncy
A::EVERYONE@:rtncy

user@ubuntu:/mnt$ nfs4_setfacl -m A:g:GROUP@:rtncy A:g:GROUP@:tcy /mnt/file.tar
user@ubuntu:/mnt$ nfs4_setfacl -m A::EVERYONE@:rtncy A::EVERYONE@:rwatTnNcy /mnt/file.tar
user@ubuntu:/mnt$ nfs4_setfacl -m A::OWNER@:rwatTnNcCy A::OWNER@:tcCy /mnt/file.tar

user@ubuntu:/mnt$ ls -la
-------rw-  1 user group 40960 dec 16 15:03 file.tar

user@ubuntu:/mnt$ nfs4_getfacl /mnt/scripts.tar
# file: /mnt/file.tar
A::OWNER@:tcCy
A:g:GROUP@:tcy
A::EVERYONE@:rwatTnNcy

user@ubuntu:/mnt$ tar tvf file.tar
drwxr-xr-x user/group   0 2022-11-15 14:57 scripts/
-rwxr-xr-x user/group  289 2021-06-16 15:55 scripts/data1.bash
-rw-r--r-- user/group  2294 2020-01-29 15:54 scripts/data2.sh
-rwxr-xr-x user/group  578 2021-07-07 11:17 scripts/collect.bash
-rwxrwxr-x user/group  1804 2018-08-22 12:39 scripts/acltest.sh
-rwxr-xr-x user/group 15647 2021-05-28 13:23 scripts/parser.py
-rwxr-xr-x user/group  3479 2021-06-17 16:56 scripts/collection_1.1.bash
-rwxr-xr-x user/group  927 2020-01-28 11:38 scripts/memory_check.bash
-rwxr-xr-x user/group  2853 2021-06-16 15:54 scripts/collection_1.0.bash
-rwxr-xr-x user/group  2108 2019-09-26 10:38 scripts/ems_logdump
-rw-r--r-- user/group  111 2021-07-02 09:36 scripts/keep.csh

  • This is expected, based on the definition of EVERYONE@ in the protocol specification.

6.2.1.5.1.  Discussion of EVERYONE@

  It is important to note that "EVERYONE@" is not equivalent to the
  UNIX "other" entity.  This is because, by definition, UNIX "other"
  does not include the owner or owning group of a file.  "EVERYONE@"
  means literally everyone, including the owner or owning group.

  • However, the output of ls does not match the effective permissions, because it has to follow the protocol definitions in sections 6.3.2 and 6.4.
  • Changing permissions with chmod behaves the same way: in this scenario, under the protocol definition the owner is not granted permission to open the file, even though the output of nfs4_getfacl may look like the following:

user@ubuntu:/mnt$ ls -l
-rw-r--r--  1 user group 40960 dec 16 15:03 file.tar

user@ubuntu:/mnt$ chmod 006 file.tar
user@ubuntu:/mnt$ ls -l
-------rw-  1 user group 40960 dec 16 15:03 file.tar

user@ubuntu:/mnt$ nfs4_getfacl /mnt/file.tar
# file: /mnt/file.tar
A::OWNER@:tcCy
A:g:GROUP@:tcy
A::EVERYONE@:rwatTnNcy

user@ubuntu:/mnt$ tar -xf file.tar
tar: /mnt/file.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
