I have set the following permission using nfs4_setfacl:

$ sudo nfs4_setfacl -a A:g:foo-group@mydomain.com:rwx /mnt/shared

$ sudo nfs4_getfacl /mnt/shared

# file: /mnt/shared
A:g:foo-group@mydomain.com:rwx
A::OWNER@:rwaDxtTnNcCy
A:g:GROUP@:rwaDxtTnNcy
A::EVERYONE@:rxtncy

Interestingly, the users of foo-group are able to create only files under /mnt/shared, but they are unable to create any directories under the folder.

I am new to nfs4_setfacl; may I know what I am missing? The volume is mounted as an NFS4 volume correctly.

smc

1 Answer

The permissions for the foo-group group need to be inherited. The ACE (entry) for foo-group doesn't have the d and f flags.

Granted, the other ACEs also don't have these flags, but NFS's file creation rules cover that case. On Linux, file creation would usually set the mode and not the ACL, and the mode would have reasonable behavior for the 3 regular principals - owner, group, and other.

root
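An added example, not part of the original question or answer: this Python code parses the nfs4_getfacl output shown in the question and reports, for each allow ACE, whether it carries the f and d inheritance flags the answer mentions and which create rights it grants on a directory. It relies on the nfs4_acl(5) permission letters (on a directory, w is add-file and a is add-subdirectory); the names parse_acl and audit_directory_acl are hypothetical.

```python
# Added example: audit nfs4_getfacl output for inheritance flags and the
# directory-create permission bits. Not code from the original thread.
from dataclasses import dataclass

# ACL text as printed in the question.
SAMPLE_ACL = """\
# file: /mnt/shared
A:g:foo-group@mydomain.com:rwx
A::OWNER@:rwaDxtTnNcCy
A:g:GROUP@:rwaDxtTnNcy
A::EVERYONE@:rxtncy
"""

@dataclass
class Ace:
    type: str       # A = allow, D = deny, U = audit, L = alarm
    flags: str      # g = group, f = file-inherit, d = directory-inherit
    principal: str
    perms: str      # on a directory: w = add file, a = add subdirectory

def parse_acl(text):
    """Parse 'type:flags:principal:permissions' lines; skip comments."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 4:
            raise ValueError(f"unexpected ACE format: {line!r}")
        aces.append(Ace(*parts))
    return aces

def audit_directory_acl(aces):
    """Report, per allow ACE, inheritance and create rights on a directory."""
    report = {}
    for ace in aces:
        if ace.type != "A":
            continue  # assumption: only allow ACEs are summarised here
        report[ace.principal] = {
            "file_inherit": "f" in ace.flags,
            "dir_inherit": "d" in ace.flags,
            "add_file": "w" in ace.perms,
            "add_subdir": "a" in ace.perms,
        }
    return report

if __name__ == "__main__":
    for who, r in audit_directory_acl(parse_acl(SAMPLE_ACL)).items():
        print(who, r)
```

For the ACL in the question, the foo-group ACE is reported with no inheritance flags and with w but not a, while OWNER@ and GROUP@ carry both w and a.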