Thursday, July 26, 2007

An NFSv4 ACL editor

Let's say you have to use NFSv3 but need Access Control Lists (ACLs). Let's say your NFSv3 server does not support one of many proprietary Draft POSIX ACL protocols, but your server does have NFSv4 support and NFSv4 ACLs. Let's also say that an NFSv4 ACL on your server is enforced on NFSv3 access. Is there a way to use NFSv4 ACLs without having an NFSv4 client?

Yes. The idea is to use a user-level NFSv4 client that implements enough of the NFS protocol to read and write NFSv4 ACLs.

A while back I wrote such a beast and it is available at:

It has been ported to Solaris and Linux.

The user interface isn't as nice as I'd like, nor does it support Kerberos V5 authentication. But rather than wait for such things to get done in my "ample spare time", I think it is worthwhile to make it more widely know this software exists. Feedback welcome. If this proves popular, I'll find time to add requested features and bug fixes.