From 99281fe31270d1c187643e7093f1663d06306d88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Krup=C4=8D=C3=ADk?= <lukas.krupcik@vsb.cz> Date: Tue, 21 Jan 2020 06:23:55 +0100 Subject: [PATCH] Update storage.md --- docs.it4i/barbora/storage.md | 39 ++++++++++++++---------------------- 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/docs.it4i/barbora/storage.md b/docs.it4i/barbora/storage.md index bf06a7bf2..54af78e54 100644 --- a/docs.it4i/barbora/storage.md +++ b/docs.it4i/barbora/storage.md @@ -227,34 +227,24 @@ Extended ACLs provide another security mechanism beside the standard POSIX ACLs ACLs on a Lustre file system work exactly like ACLs on any Linux file system. They are manipulated with the standard tools in the standard manner. Below, we create a directory and allow a specific user access. +* [nfs4_setfacl][e] +* [nfs4_getfacl][l] + ```console -[vop999@login1.barbora ~]$ umask 027 -[vop999@login1.barbora ~]$ mkdir test -[vop999@login1.barbora ~]$ ls -ld test -drwxr-x--- 2 vop999 vop999 4096 Nov 5 14:17 test -[vop999@login1.barbora ~]$ getfacl test +vop999@login1:~$ nfs4_getfacl test # file: test -# owner: vop999 -# group: vop999 -user::rwx -group::r-x -other::--- - -[vop999@login1.barbora ~]$ setfacl -m user:johnsm:rwx test -[vop999@login1.barbora ~]$ ls -ld test -drwxrwx---+ 2 vop999 vop999 4096 Nov 5 14:17 test -[vop999@login1.barbora ~]$ getfacl test +A::OWNER@:rwaxtTcCy +A::GROUP@:rwatcy +A::EVERYONE@:rtcy +vop999@login1:~$ nfs4_setfacl -a A::GROUP@:RWX test +vop999@login1:~$ nfs4_getfacl test # file: test -# owner: vop999 -# group: vop999 -user::rwx -user:johnsm:rwx -group::r-x -mask::rwx -other::--- +A::OWNER@:rwaxtTcCy +A::GROUP@:rwaxtcy +A::EVERYONE@:rtcy ``` -Default ACL mechanism can be used to replace setuid/setgid permissions on directories. Setting a default ACL on a directory (-d flag to setfacl) will cause the ACL permissions to be inherited by any newly created file or subdirectory within the directory. Refer to this page for more information on Linux ACL at [RedHat guide][e]. +Default ACL mechanism can be used to replace setuid/setgid permissions on directories. Setting a default ACL on a directory will cause the ACL permissions to be inherited by any newly created file or subdirectory within the directory. ## Local Filesystems @@ -378,10 +368,11 @@ Transfer rates of about 28 MB/s can be expected. [b]: http://www.nas.nasa.gov/hecc/support/kb/Lustre_Basics_224.html#striping [c]: http://doc.lustre.org/lustre_manual.xhtml#managingstripingfreespace [d]: https://support.it4i.cz/rt -[e]: https://access.redhat.com/documentation/en-US/Red_Hat_Storage/2.0/html/Administration_Guide/ch09s05.html +[e]: http://man7.org/linux/man-pages/man1/nfs4_setfacl.1.html [f]: https://du.cesnet.cz/ [g]: https://du.cesnet.cz/en/start [h]: mailto:du-support@cesnet.cz [i]: https://du.cesnet.cz/en/navody/home-migrace-plzen/start [j]: https://du.cesnet.cz/en/navody/faq/start [k]: https://du.cesnet.cz/en/navody/rsync/start#pro_bezne_uzivatele +[l]: http://man7.org/linux/man-pages/man1/nfs4_getfacl.1.html -- GitLab