I have an Arch Linux box that has a folder from an Ubuntu server mounted via NFS. I've set up an Access Control List on the folder on the server such that any new files should have their permissions set -rwx-r-x---
.
user1@ubuntu:~$ getfacl home/user2/shared/
# file: home/user2/shared/
# owner: user2
# group: remoteusers
user::rwx
group::r-x
other::---
default:user::rwx
default:user:user2:rwx
default:group::r-x
default:group:remoteusers:r-x
default:mask::rwx
default:other::---
If I create a file the permissions are set fine:
userA@arch:~$ touch ubuntuNFS/test.txt
userA@arch:~$ ls -la ubuntuNFS
-rw-r----- 1 ########## ########## 0 Nov 13 2013 test.txt
But if I copy a file, the group is not given any permissions:
userA@arch:~$ cp Videos/video.mp4 ubuntuNFS/
userA@arch:~$ ls -la ubuntuNFS
-rw------- 1 ########## ########## 0 Nov 13 2013 video.mp4
-rw-r----- 1 ########## ########## 0 Nov 13 2013 test.txt
Why isn't cp
obeying the ACL defaults?
Best Answer
I think ACLs are sporadically supported in various ways within NFS. See this article on the NFS project's website.
If this isn't the issue, then I'd be extremely suspicious of
cp
. I seem to recall a Q&A regarding the commandcp
not fully copying the ACLs irregardless of the targeted mount type.I believe it was this U&L Q&A titled: Using setfacl to allow group members to write to any file in a directory which led me to this SF Q&A titled: Why does cp not respect ACLs?.
Ironically our own @Gilles wrote an answer on that SF Q&A which explains why
cp
doesn't support the propagation of ACLs. I believe this is still the current situation!excerpt from @Gilles answer
Example
I setup the following file,
afile
and added an ACL to it.We now have:
When I copy these files to an NFSv3 share:
ACLs were lost. Trying to use the
--preserve
switches tocp
:Enabling ACL on NFS
Enabling ACL on the NFS mount seem to have no effect either:
Same HDD worked
Interestingly the
--preserve
switch did work when copying the file locally on the same EXT4 mounted drive.Path forward?
In my research and experimentation it would appear that anything below NFSv4 does not support ACLs. The
cp
command seems able to preserve the ACLs as long as the underlying filesystem supports ACLs.I found this article: Projects: NFS Version 4 Open Source Reference Implementation, which discusses the use of ACLs within NFSv4. So I would expect that copying ACLs to an NFSv4 share might be possible, I don't believe it's possible using NFSv2 or NFSv3 though.
References