unixadmin.free.fr just another IBM blog and technotes backup

18mar/11

IBM AIX NFS V4 AND ACCESS CONTROL LIST (ACL)

SOURCE

https://www-304.ibm.com/support/docview.wss?uid=isg3T1011887

Question
HOW TO IMPLEMENT NFS V4 AND ACLS

Cause
SET THE NFS V4 ACL ON THE JFS2 FILESYSTEM ON THE NFS SERVER

Answer
Most physical filesystem types on AIX do not support NFS4 ACLs. These filesystem types include, but are not limited to: CFS, UDF, JFS, and JFS2 with extended attribute Version 1.
NOTE: Only JFS2 with extended attribute Version 2 (J2) supports NFS V4 ACLs.

CHANGE THE FILESYSTEM TO BE EXPORTED TO EA=V2

# chfs -a ea=v2 /export/nfs

Check the filesystem setting:

# lsfs -q /export/nfs

/dev/nfs -- /export/nfs jfs2 20971520 rw yes no
(lv size: 20971520, fs size: 20971520, block size: 4096, sparse files:
yes, inline log: no, inline log size: 0, EAformat: v2, Quota: no, DMAPI:
no, VIX: no)

Note that the EAformat is now v2 instead of v1.

Additional information on ea=v2:
ea=v2
Converts the JFS2 file system extended attribute (ea) format. A JFS2 file system using the v1 format can be converted to one using the v2 format. After it is converted, the file system cannot be converted back to v1. The conversion is done on demand: any extended attribute or ACL write causes the conversion for that file object to occur. The v2 format provides support for scalable named extended attributes as well as support for NFS4 ACLs. The v1 format is compatible with prior releases of AIX.

CONFIGURE THE NFS SERVER FOR NFS V4:

Configure the nfs v4 domain

# smitty chnfsdom
Change NFS Local Domain
NFS Local Domain [test.com]

Check the nfs v4 domain

# chnfsdom
test.com

Start the nfs daemons that are required for nfs v4

# startsrc -s nfsd
# startsrc -s rpc.mountd
# startsrc -s nfsrgyd

# lssrc -g nfs
nfsd nfs active
rpc.mountd nfs active
nfsrgyd nfs active

EXPORT FILESYSTEM VIA NFS

# smitty nfs
Network File System (NFS)
Add a Directory to Exports List

Pathname of directory to export [/export/nfs]
Export directory now, system restart or both both
Allow access by NFS versions [4]
Security method 1 [sys]
Mode to export directory [read-write]

# cat  /etc/exports
/export/nfs -vers=4,sec=sys,rw

# exportfs
/export/nfs -vers=4,sec=sys,rw


CONFIGURE THE NFS V4 CLIENT

Configure the nfs v4 domain

# smitty chnfsdom
Change NFS Local Domain
NFS Local Domain [test.com]

Check the nfs v4 domain

# chnfsdom
test.com

Start the nfs daemons that are required for nfs v4

# startsrc -s nfsrgyd

# lssrc -g nfs
nfsrgyd nfs active

MOUNT THE NFS V4 EXPORT USING THE ACL MOUNT OPTION:

# mount -o vers=4,acl nfs_server:/export/nfs /data

# mount | grep nfs
/export/nfs /data nfs4  rw,bg,hard,intr,acl,vers=4,sec=sys

If you want the NFS mount to be mounted at bootup, add it to /etc/filesystems using smit.

# smitty mknfsmnt

Fill in the appropriate information. Also select 4 (for NFS v4) in the mount options and change acls to yes.

Display the access control information of a file.

# aclget /data
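
The verification steps in this procedure (EAformat from lsfs -q, daemon state from lssrc -g nfs, export options, and client mount options) can be scripted over captured command output. The following is an added example, not part of the IBM technote; the function names are hypothetical, and the sample output in the demo is copied from this page.

```shell
#!/bin/sh
# Added example: parsers for captured command output. The sample text in the
# demo below is copied from this page; function names are illustrative.

# Print the EAformat value found in `lsfs -q` output on stdin.
# The attribute list wraps across lines, so join the lines before matching.
ea_format() {
    tr '\n' ' ' | sed -n 's/.*EAformat:[[:space:]]*\([A-Za-z0-9]*\).*/\1/p'
}

# Print each subsystem named in "$@" that `lssrc -g nfs` output on stdin
# does not report as active (empty output means all are running).
inactive_daemons() {
    out=$(cat); missing=""
    for d in "$@"; do
        printf '%s\n' "$out" |
            awk -v d="$d" '$1 == d && $NF == "active" { ok = 1 } END { exit !ok }' ||
            missing="$missing $d"
    done
    printf '%s\n' "${missing# }"
}

# Print the option list for export path $1 from /etc/exports text on stdin.
export_opts() {
    awk -v p="$1" '$1 == p { sub(/^-/, "", $2); print $2; exit }'
}

# Print the option list (last column) of the `mount` line for mount point $1.
mount_opts() {
    awk -v mp="$1" '{ for (i = 1; i < NF; i++) if ($i == mp) { print $NF; exit } }'
}

# Succeed if comma-separated option list $1 contains option $2 exactly.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Demo on sample output copied from this page.
lsfs_out='/dev/nfs -- /export/nfs jfs2 20971520 rw yes no
(lv size: 20971520, fs size: 20971520, block size: 4096, sparse files:
yes, inline log: no, inline log size: 0, EAformat: v2, Quota: no, DMAPI:
no, VIX: no)'
[ "$(printf '%s\n' "$lsfs_out" | ea_format)" = v2 ] && echo "EA format: v2"
opts=$(echo '/export/nfs /data nfs4  rw,bg,hard,intr,acl,vers=4,sec=sys' | mount_opts /data)
has_opt "$opts" acl && has_opt "$opts" vers=4 && echo "client mount: vers=4 with acl"
```

On a live system, pipe the real commands into the functions, for example `lsfs -q /export/nfs | ea_format` on the server and `mount | mount_opts /data` on the client.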