Thursday, July 26, 2007

An NFSv4 ACL editor

Let's say you have to use NFSv3 but need Access Control Lists (ACLs). Let's say your NFSv3 server does not support one of many proprietary Draft POSIX ACL protocols, but your server does have NFSv4 support and NFSv4 ACLs. Let's also say that an NFSv4 ACL on your server is enforced on NFSv3 access. Is there a way to use NFSv4 ACLs without having an NFSv4 client?

Yes. The idea is to use a user-level NFSv4 client that implements enough of the NFS protocol to read and write NFSv4 ACLs.

A while back I wrote such a beast and it is available at:
http://sourceforge.net/projects/nfsv4-acl-edit/

It has been ported to Solaris and Linux.

The user interface isn't as nice as I'd like, nor does it support Kerberos V5 authentication. But rather than wait for such things to get done in my "ample spare time", I think it is worthwhile to make it more widely known that this software exists. Feedback welcome. If this proves popular, I'll find time to add requested features and bug fixes.

1 Comment:

Anonymous said...

Mike,

I just bought my first NetApp Filer (actually, it's the StoreVault S500). I've discovered much to my chagrin that Solaris 9 POSIX ACLs are not supported. So your v4acl program looks like a reasonable alternative to me. I've enabled NFSv4 on my Filer, and I'm trying to set ACLs on it, but with no luck.

For example:

1$ id
uid=110(wmas) gid=103(cqsec)
2$ ls -l /home/summer01/tmp
total 0
-rw-r--r-- 1 root root 0 Sep 7 20:12 xxx
-rw-r----- 1 wmas cqsec 0 Sep 9 14:24 yyy
3$ v4acl -s user:korb:read_data/write_data/append_data/write_xattr:allow summer /vol/summer01/tmp/yyy
Segmentation Fault(coredump)

As for the command syntax, there is no man page included with v4acl, so I used the ACL syntax described in the chmod man page on one of my Solaris 10 hosts.

Am I missing something here?

Thanks,
Bill Korb
korb@qisc.com

Sunday, September 09, 2007 12:56:00 PM  
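
An added example, not part of the original post or comment and not v4acl's own code: what a user-level client has to build for a single ACE before it can send a SETATTR. It parses a Solaris chmod-style ACE string like the one in the comment, rejects malformed input with an error, and XDR-encodes the result as an NFSv4 nfsace4 using the ACE4_* values from RFC 3530. The function names and the example.com domain are assumptions, and the syntax v4acl itself accepts is not documented on this page.

```python
import struct

ACE4_MASK = {  # RFC 3530 ACE4_* mask bits, keyed by Solaris chmod-style names
    "read_data": 0x00000001,
    "write_data": 0x00000002,
    "append_data": 0x00000004,
    "read_xattr": 0x00000008,    # ACE4_READ_NAMED_ATTRS
    "write_xattr": 0x00000010,   # ACE4_WRITE_NAMED_ATTRS
    "execute": 0x00000020,
    "delete_child": 0x00000040,
    "read_attributes": 0x00000080,
    "write_attributes": 0x00000100,
    "delete": 0x00010000,
    "read_acl": 0x00020000,
    "write_acl": 0x00040000,
    "write_owner": 0x00080000,
    "synchronize": 0x00100000,
}
ACE4_TYPE = {"allow": 0, "deny": 1}   # ACE4_ACCESS_ALLOWED/DENIED_ACE_TYPE
ACE4_IDENTIFIER_GROUP = 0x00000040    # flag bit: "who" names a group

def parse_ace(spec, domain):
    """Parse 'user|group:name:perm/perm/...:allow|deny'; raise ValueError on bad input."""
    parts = spec.split(":")
    if len(parts) != 4:
        raise ValueError("expected kind:name:perms:type, got %r" % spec)
    kind, name, perms, ace_type = parts
    if kind not in ("user", "group") or not name:
        raise ValueError("bad principal in %r" % spec)
    if ace_type not in ACE4_TYPE:
        raise ValueError("bad ACE type %r" % ace_type)
    mask = 0
    for perm in perms.split("/"):
        if perm not in ACE4_MASK:
            raise ValueError("unknown permission %r" % perm)
        mask |= ACE4_MASK[perm]
    flag = ACE4_IDENTIFIER_GROUP if kind == "group" else 0
    return ACE4_TYPE[ace_type], flag, mask, "%s@%s" % (name, domain)

def xdr_nfsace4(ace_type, flag, mask, who):
    """XDR-encode one nfsace4: three uint32s, then 'who' as a padded opaque string."""
    raw = who.encode("utf-8")
    pad = b"\0" * (-len(raw) % 4)
    return struct.pack(">IIII", ace_type, flag, mask, len(raw)) + raw + pad

if __name__ == "__main__":
    # Constructed input: the ACE string from the comment plus an assumed domain.
    spec = "user:korb:read_data/write_data/append_data/write_xattr:allow"
    print(xdr_nfsace4(*parse_ace(spec, "example.com")).hex())
```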
