Native NFSv4 Access Control Lists on Linux

A Presentation by Andreas Gruenbacher

Many organizations today are using heterogeneous computing
infrastructures that include machines running Linux, UNIX, as well as
Microsoft operating systems. This raises the problem of sharing files
across operating system boundaries, and of controlling access to shared

UNIX based systems use the traditional POSIX file permission model
[1003.1] for access control, which basically uses the file permission
bits in the file mode to define access. Most current UNIX systems
augment the traditional POSIX model with POSIX-draft ACLs [1003.1e] for
defining advanced scenarios.

The ACL model that Windows uses is sufficiently different from
POSIX-draft ACLs that mapping between the two leads to various
user-observable mapping artefacts, which can be very frustrating to
users. It is desirable to avoid mapping between Windows and POSIX-draft
ACLs as far as possible.

A recent development in the UNIX world has been native support for NFSv4
ACLs [RFC 3530]: the NFSv4 ACL model is close to the Windows ACL model,
which makes mapping between the two easy, but also includes some
features that make NFSv4 ACLs more appropriate in a UNIX context. This
is in line with how companies like NetApp and EMC have been doing file
access control on their NAS products for years. UNIX filesystems with
native NFSv4 ACL support include IBM JFS2 (AIX), IBM GPFS, and Solaris

Is is an unfortunate fact that RFC 3530 falls short of defining the
interactions between NFSv4 ACLs and the POSIX file permission bits.
Defining these interactions in a POSIX compliant way is non-trivial, and
implementations differ widely in how they deal with the problem: the
approaches taken range from disabling NFSv4 ACLs when file permission
bits are set and vice versa (AIX JFS2) to rather bizarre mapping
algorithms with pathologic corner cases (ZFS,
[draft-ietf-nfsv4-acls-00]). Those approaches will lead to similar
negative user experiences as when mapping between Windows and
POSIX-draft ACLs.

The author of this proposal, having implemented Linux
POSIX-draft ACLs some years ago, has recently proposed patches that
implement NFSv4 ACLs natively on Linux [NFS4ACL]. The approach taken
[nfsv4-acls-in-posix-00] is soundly based on POSIX concepts, and fully
integrates NFSv4 ACLs with the POSIX file permission model. ACLs are not
lost or garbled when the file permission bits are modified.

This will make Linux a much better file server in Windows and mixed
environments. It will take away excuses why Linux cannot be used as the
server platform of choice even with lots of Windows clients. POSIX
applications can then be used for automating things in the traditional
UNIX way, even for Windows clients, which is one of the areas where UNIX
has always excelled.

In other words, we will be one step closer to world domination ;-)

[1003.1-2004] Institute of Electrical and Electronics Engineers,
“Information Technology - Portable Operating System Interface (POSIX),”
IEEE Standard 1003.1, December 2004,

[1003.1e] Portable Applications Standards Committee of the IEEE Computer
Society, “IEEE 1003.1e Draft 17: Draft Standard for Information
Technology - Portable Operating System Interface (POSIX) - System
Application Program Interface,” October 1997,

[RFC 3530] Shepler, S., Callaghan, B., Robinson, D., Thurlow, R., Beame,
C., Eisler, M., and D. Noveck, “Network File System (NFS) version 4
Protocol,” RFC 3530, April 2003,

[draft-ietf-nfsv4-acls-00] Falkner, S. and L. Week, “NFS Version 4
ACLs,” Internet-Draft draft-ietf-nfsv4-acls-00, February 2006,

[NFS4ACL] Andreas Gruenbacher, “Native NFSv4 ACLs on Linux,” September

[nfsv4-acls-in-posix-00] A. Gruenbacher, “NFSv4 ACLs in POSIX,”
September 2006,

Direct link to video