I manage an OpenIndiana NFS server with a few Ubuntu machines acting as NFS clients. This is a small-scale education/research environment which has been generally pain-free hosting ~25 users for two professors.
I've been tasked with implementing ACLs and migrating NFS3 to 4, which I've managed to somewhat do. I have idmapd running on the Ubuntu boxes and seem to be picking up the proper users/groups (I'm not defaulting to the nobody:nobody permissions). I also have the NFS server speaking nfs4 to the client.
I've been slowly working through, in my free time, switching our basic traditional Unix permissions to NFS4 ACLs and implementing a couple of test directories, like: read only/no delete/only add files or folders/etc.
However, I've been having trouble actually implementing it properly with inheritance to new files and folders and having it respected on the Ubuntu box. Once I have permissions set fine on the OI box without write/delete and root:root ownership, the user on Ubuntu can delete the files/directories. I've been using nfs4-acl-tools to do get and set on the Ubuntu side and ensuring they're translated properly from the OI side. I also set ACLs with chmod on OI or nfs4_setacl -e on the Ubuntu side.
Are there any guides to setting up an example NFS4 ACL step by step, especially using a Solaris server and a Linux client? I'm trying to determine if I have a configuration issue with idmapping or I'm just not getting how the ACLs are supposed to be set.
Any guidance would be greatly appreciated, and if there's a better sub for this, please let me know!