NFS client using NFSv4 ACLs loses the correct mask of a newly created file in subdirectories

Solution Verified - Updated -

Issue

  • In NFSv4, creating a file that inherits ACLs loses mask unlike on a local filesystem
  • NFSv4 ACLs are not getting inherited to the subdirectories in Red Hat Linux 6.5
  • NFS Server1 shares an NFSv4 export with ACL support. A directory named testdir owned by root.root has ACLs permitting user1 to access it and a default ACL.
# file: .
# owner: root
# group: root
user::rwx
user:user1:rwx
user:user2:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:user1:rwx
default:user:user2:rwx
default:group::---
default:mask::rwx
default:other::---

Locally, new files in that folder have proper group permissions in order to permit the user1 ACL to apply.

-rw-rw----+ 1 root  root  0 Jun 28 11:02 test1

On the NFS client, ACLs are visible:

A::OWNER@:rwaDxtTcCy
A::user1@mgtlu.1327.local:rwaDxtcy
A::user2@mgtlu.1327.local:rwaDxtcy
A::GROUP@:tcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:tcy
A:fdi:EVERYONE@:tcy

But when user1 create a file, it cannot be read by user2 because the default group permissions were not applied.

-rw-------. 1 user1 user1    0 Jun 28 11:18 test2

Environment

  • Red Hat Enterprise Linux 6 (NFS client and server)
  • Red Hat Enterprise Linux 7 (NFS client and server)
  • NFS4 with ACLs

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content