diff options
| author | Ralph Boehme <slow@samba.org> | 2018-11-29 11:01:59 +0100 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2019-03-18 19:21:25 +0000 |
| commit | c6ab2e6b735901c8aca33928b4b17f3c784aede0 (patch) | |
| tree | 2fe44d1ff38836bef621840fbed896f0b822eae9 /docs-xml | |
| parent | ebf9826158c2109a6d5702ad26aa41afdf982386 (diff) | |
| download | samba-c6ab2e6b735901c8aca33928b4b17f3c784aede0.tar.gz | |
vfs_nfs4acl_xattr: support for NFS 4.0 and 4.1 ACLs from NFS4 mount
This adds a new main switch "nfs" to "nfs4acl_xattr:encoding" which
enables to use NFS4 ACLs from an NFS4 mount on a Linux box. Tested with
a FreeBSD NFS4 server.
Supports both NFS 4.0 and 4.1 ACLs.
By default NFS4 servers send user and group identifiers in ACLs as
strings in the format "[USER|GROUP]@DNSDOMAIN". Some NFS4 servers
support sending identifiers as numeric strings. This module does support
this as well, the config knob "nfs4acl_xattr:nfs4_id_numeric = yes|no"
controls behaviour.
When "nfs4acl_xattr:encoding" is set to "nfs", the new option
"nfs4acl_xattr:validate_mode", which defauts to "yes" is set to "no" to
avoid checking and munging the mode on files.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'docs-xml')
| -rw-r--r-- | docs-xml/manpages/vfs_nfs4acl_xattr.8.xml | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/docs-xml/manpages/vfs_nfs4acl_xattr.8.xml b/docs-xml/manpages/vfs_nfs4acl_xattr.8.xml index c8780388184..c0fcee86b8c 100644 --- a/docs-xml/manpages/vfs_nfs4acl_xattr.8.xml +++ b/docs-xml/manpages/vfs_nfs4acl_xattr.8.xml @@ -45,12 +45,17 @@ <variablelist> <varlistentry> - <term>nfs4acl_xattr:encoding = [ndr|xdr]</term> + <term>nfs4acl_xattr:encoding = [nfs|ndr|xdr]</term> <listitem> <para>This parameter configures the marshaling format used in the ACL blob and the default extended attribute name used to store the blob. </para> + <para>When set to <emphasis>nfs</emphasis> - fetch and store the NT + ACL in NFS 4.0 or 4.1 compatible XDR encoding. By default this uses + the extended attribute "system.nfs4_acl". This setting also + disables <emphasis>validate_mode</emphasis>.</para> + <para>When set to <emphasis>ndr (default)</emphasis> - store the NT ACL with POSIX draft NFSv4 compatible NDR encoding. By default this uses the extended attribute "security.nfs4acl_ndr".</para> @@ -106,6 +111,33 @@ </listitem> </varlistentry> + <varlistentry> + <term>nfs4acl_xattr:nfs4_id_numeric = yes|no (default: no)</term> + <listitem> + <para>This parameter tells the module how the NFS4 server encodes user + and group identifiers on the network. With the default setting the + module expects identifiers encoded as per the NFS4 RFC as + user@domain.</para> + <para>When set to <emphasis>yes</emphasis>, the module expects the + identifiers as numeric string.</para> + <para>The default for this options<emphasis>no</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>nfs4acl_xattr:validate_mode = yes|no</term> + <listitem> + <para>This parameter configures whether the module enforces the POSIX + mode is set to 0777 for directores and 0666 for files. If this + constrained is not met, the xattr with the ACL blob is + discarded.</para> + <para>The default depends on the setting for + <emphasis>nfs4acl_xattr:encoding</emphasis>: when set to + <emphasis>nfs</emphasis> this setting is disabled by default, + otherwise it is enabled.</para> + </listitem> + </varlistentry> + </variablelist> </refsect1> |