NFS – QNAP: ACL does not work over NFS

access-control-list, nfs, qnap

Having difficulties making Linux ACL (getfacl/setfacl) work with NFS shares. We are using Ubuntu clients and QNAP storage as server.

At the moment only the root user on Ubuntu has read/write access. A normal user (like www-data) gets permission denied when trying to write something.

We created the same users (www-data, ubuntu) on QNAP and set the same UIDs and GUIDs by editing /etc/passwd and /etc/group, but it does not help. Weird.

Our setup is the following:

QNAP:

1.) Feature "Enable Advanced Folder Permissions" is checked

2.) /etc/exports is auto-generated on QNAP and is the following:

"/share/MD0_DATA/Public" *(rw,async,no_root_squash,insecure)
"/share/MD0_DATA/XXX" X.X.X.X(rw,async,no_root_squash,insecure)  X.X.X.X(rw,async,no_root_squash,insecure)  X.X.X.X(rw,async,no_root_squash,insecure)  X.X.X.X(rw,async,no_root_squash,insecure)

Basically, it sets "rw,async,no_root_squash,insecure" for all the exported partitions.

Client (Ubuntu):

1.) /etc/fstab

X.X.X.X:/XXX /external nfs acl,soft,intr,rsize=8192,wsize=8192

2.) getfacl /external shows:

# file: external
# owner: root
# group: root
user::rwx
user:root:rwx
user:www-data:rwx
user:ubuntu:rwx
user:nobody:---
group::---
group:users:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:root:rwx
default:user:www-data:rwx
default:user:ubuntu:rwx
default:user:nobody:---
default:group::rwx
default:group:users:rwx
default:mask::rwx
default:other::---

The share is visible, but only root has write access. All other users (like ubuntu, www-data) have only read access. We would like to use ACL; at the moment we can only set RWX to POSIX 'others', which is not secure at all.

Best Answer

My understanding is that ACLs do NOT work over NFS, especially V3 NFS. However, I understand that there is some type of ACL available in v4 NFS. But I don't think that Linux ACLs work with NFS v4...
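
An added example, not part of the question or the answer: a minimal evaluator for the POSIX.1e access-check order, run over the access entries of the getfacl listing in the question. The account name guest and the group memberships passed to it are assumptions for illustration.

```python
# Added example, not the poster's code. Access entries copied from the
# question's getfacl output; default: entries only seed new files.
GETFACL = """\
# file: external
# owner: root
# group: root
user::rwx
user:root:rwx
user:www-data:rwx
user:ubuntu:rwx
user:nobody:---
group::---
group:users:rwx
mask::rwx
other::rwx
default:other::---
"""

def parse(text):
    """Return (owner, owning group, [(tag, qualifier, perms)]) for access entries."""
    meta, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, val = line[1:].partition(":")
            meta[key.strip()] = val.strip()
        elif line and not line.startswith("default:"):
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, set(perms) - {"-"}))
    return meta["owner"], meta["group"], entries

def allowed(text, user, groups, want):
    """POSIX.1e check order: owner, named user, group class, other."""
    owner, owning_group, entries = parse(text)
    want = set(want)
    find = lambda tag, q="": next(p for t, n, p in entries if t == tag and n == q)
    mask = next((p for t, _, p in entries if t == "mask"), {"r", "w", "x"})
    if user == owner:                      # owner entry is not masked
        return want <= find("user")
    for t, n, p in entries:                # named user: masked, no fall-through
        if t == "user" and n == user:
            return want <= (p & mask)
    in_group = [p for t, n, p in entries if t == "group"
                and (n in groups or (n == "" and owning_group in groups))]
    if in_group:                           # any single matching group entry
        return any(want <= (p & mask) for p in in_group)
    return want <= find("other")           # everyone else

def tighten_other(text):
    """Same ACL with other::---, the state the question is aiming for."""
    return text.replace("\nother::rwx", "\nother::---")
```

By this listing www-data is granted write through its named-user entry even with other::---, while other::rwx grants write to any account that matches no user or group entry.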
