[Gluster-users] gluster and acl support

Niels de Vos ndevos at redhat.com
Thu Mar 5 21:18:28 UTC 2015 

On Thu, Mar 05, 2015 at 03:31:51PM -0500, Tom Young wrote:
> Update –
> 
> I found that we can enable ACLs on the gluster server, and still have
> access to more than 32 groups.  I had to remove the acl option from the
> client that was mounting the gluster volume, and everything started working
> the way we wanted.  Thank you

Great to hear, thanks for reporting the details!

I was wondering about this too, but did not have the time to try it out
yet. The 'acl' mount option causes a posix-acl xlator to be loaded on
the client-side. This improves the performance for ACL handling, but
that xlator is indeed limited to 32 groups. Dropping the 'acl' option
from the mount command, prevents loading the posix-acl xlator. This is
not an issue, as long as FUSE still uses ACLs when the option is not
passed (which I was not sure of).

If you want, you can file a bug about this problem so we won't forget
about it and can look into fixing it in the future.

Thanks,
Niels

> 
> 
> 
> 
> 
> Tom Young
> 
> 
> 
> *From:* Tom Young [mailto:tom.young at corvidtec.com]
> *Sent:* Thursday, March 05, 2015 1:36 PM
> *To:* 'gluster-users at gluster.org'
> *Subject:* gluster and acl support
> 
> 
> 
> Hello,
> 
> I would like to use ACLs on my gluster volume, and also not be restricted
> by the 32 group limitation if I do.  I have noticed that if I enable acl
> support on a client, then I am restricted to using 32 groups.  I have
> several users that are part of more than 32 groups, but they still want to
> use ACLs on certain directories.  The underlying filesystem is xfs, and I
> have gotten acls to work, but then my users lose access to any group
> they’re a part of after 32.
> 
> Has anyone encountered this, and more importantly, have you discovered away
> to make ACLs work with more than 32 groups?
> 
> 
> 
> *Installed RPMs:*
> 
> gluster-nagios-common-0.1.1-0.el6.noarch
> 
> glusterfs-libs-3.6.2-1.el6.x86_64
> 
> glusterfs-geo-replication-3.6.2-1.el6.x86_64
> 
> glusterfs-devel-3.6.2-1.el6.x86_64
> 
> glusterfs-3.6.2-1.el6.x86_64
> 
> glusterfs-cli-3.6.2-1.el6.x86_64
> 
> glusterfs-rdma-3.6.2-1.el6.x86_64
> 
> glusterfs-fuse-3.6.2-1.el6.x86_64
> 
> glusterfs-server-3.6.2-1.el6.x86_64
> 
> glusterfs-debuginfo-3.6.2-1.el6.x86_64
> 
> glusterfs-extra-xlators-3.6.2-1.el6.x86_64
> 
> samba-vfs-glusterfs-4.1.11-2.el6.x86_64
> 
> glusterfs-api-3.6.2-1.el6.x86_64
> 
> glusterfs-api-devel-3.6.2-1.el6.x86_64
> 
> 
> 
> */etc/fstab entry:*
> 
> gfsib01a.corvidtec.com:/homegfs  /homegfs             glusterfs
> transport=tcp,acl,_netdev 0 0
> 
> 
> 
> *GFS Volume info:*
> 
> Volume Name: homegfs
> 
> Type: Distributed-Replicate
> 
> Volume ID: 1e32672a-f1b7-4b58-ba94-58c085e59071
> 
> Status: Started
> 
> Number of Bricks: 4 x 2 = 8
> 
> Transport-type: tcp
> 
> Bricks:
> 
> Brick1: gfsib01a.corvidtec.com:/data/brick01a/homegfs
> 
> Brick2: gfsib01b.corvidtec.com:/data/brick01b/homegfs
> 
> Brick3: gfsib01a.corvidtec.com:/data/brick02a/homegfs
> 
> Brick4: gfsib01b.corvidtec.com:/data/brick02b/homegfs
> 
> Brick5: gfsib02a.corvidtec.com:/data/brick01a/homegfs
> 
> Brick6: gfsib02b.corvidtec.com:/data/brick01b/homegfs
> 
> Brick7: gfsib02a.corvidtec.com:/data/brick02a/homegfs
> 
> Brick8: gfsib02b.corvidtec.com:/data/brick02b/homegfs
> 
> Options Reconfigured:
> 
> server.manage-gids: on
> 
> changelog.rollover-time: 15
> 
> changelog.fsync-interval: 3
> 
> changelog.changelog: on
> 
> geo-replication.ignore-pid-check: on
> 
> geo-replication.indexing: off
> 
> storage.owner-gid: 100
> 
> network.ping-timeout: 10
> 
> server.allow-insecure: on
> 
> performance.write-behind-window-size: 128MB
> 
> performance.cache-size: 128MB
> 
> performance.io-thread-count: 32
> 
> 
> 
> Thank you
> 
> 
> 
> Tom

> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20150305/8bb2d137/attachment.sig>

More information about the Gluster-users mailing list