Is there a way to remove the security descriptor once added? Think "setfacl -b" if using POSIX(-proposed) FACLs.
Linux NFSv4 mount:
NetApp:
Code:
host::> vserver security file-directory show -vserver bar -path /vol/share/foo
Vserver: bar
File Path: /vol/share/foo
File Inode Number: 97
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 66666
UNIX Mode Bits: 2755
UNIX Mode Bits in Text: rwxr-sr-x
ACLs: -
Edit foo with nfs4_editfacl and save (without changes):
Code:
host::> vserver security file-directory show -vserver bar -path /vol/share/foo
Vserver: bar
File Path: /vol/share/foo
File Inode Number: 97
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 66666
UNIX Mode Bits: 2755
UNIX Mode Bits in Text: rwxr-sr-x
ACLs: NFSV4 Security Descriptor
Control:0x8014
DACL - ACEs
ALLOW-OWNER@-0x1601ff
ALLOW-GROUP@-0x1200a9-IG
ALLOW-EVERYONE@-0x1200a9
Everything but one ACE can be removed, but the last ACE cannot.
Is there a way to identify with nfs4_getfacl, or another tool, whether an actual security descriptor exists? nfs4_getfacl seems unable to distinguish the above, but instead assumes the ACL with the descriptor is there or not.
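Added example, not part of the original post: a small Python parser for the `vserver security file-directory show` output above that reports whether an NFSv4 security descriptor is stored and decodes each ACE mask into nfs4_getfacl-style permission letters. It assumes the hex masks are RFC 7530 ACE4 access-mask bits and that a trailing suffix such as `IG` is an ACE flag; the sample text is constructed from the output shown in the post.

```python
import re

# NFSv4 ACE access-mask bits (RFC 7530), in nfs4_getfacl letter order.
# Assumption: ONTAP prints these same mask bits in hex.
ACE4_BITS = [
    (0x000001, "r"), (0x000002, "w"), (0x000004, "a"), (0x000040, "D"),
    (0x010000, "d"), (0x000020, "x"), (0x000080, "t"), (0x000100, "T"),
    (0x000008, "n"), (0x000010, "N"), (0x020000, "c"), (0x040000, "C"),
    (0x080000, "o"), (0x100000, "y"),
]

# Constructed samples: the relevant tail of the two outputs shown in the post.
SAMPLE_NO_SD = "UNIX Mode Bits: 2755\nACLs: -\n"
SAMPLE_WITH_SD = """\
UNIX Mode Bits: 2755
ACLs: NFSV4 Security Descriptor
Control:0x8014
DACL - ACEs
ALLOW-OWNER@-0x1601ff
ALLOW-GROUP@-0x1200a9-IG
ALLOW-EVERYONE@-0x1200a9
"""

# TYPE-PRINCIPAL-0xMASK[-FLAGS]; the principal is matched lazily up to "-0x".
ACE_RE = re.compile(r"^\s*(ALLOW|DENY)-(.+?)-(0x[0-9a-fA-F]+)(?:-(\S+))?\s*$")

def mask_to_letters(mask):
    """Translate a numeric ACE mask into nfs4_getfacl permission letters."""
    return "".join(letter for bit, letter in ACE4_BITS if mask & bit)

def parse_show_output(text):
    """Return (has_descriptor, [(type, principal, letters, flags), ...])."""
    has_sd, aces = False, []
    for line in text.splitlines():
        if line.strip().startswith("ACLs:"):
            has_sd = "Security Descriptor" in line
        m = ACE_RE.match(line)
        if m:
            kind, who, mask, flags = m.groups()
            aces.append((kind, who, mask_to_letters(int(mask, 16)), flags or ""))
    return has_sd, aces

if __name__ == "__main__":
    for sample in (SAMPLE_NO_SD, SAMPLE_WITH_SD):
        has_sd, aces = parse_show_output(sample)
        print("descriptor stored:", has_sd)
        for ace in aces:
            print("  %s %s %s %s" % ace)
```

For the second output the masks decode to read/write/execute for OWNER@ and read/execute for GROUP@ and EVERYONE@, matching the 755 permission bits shown.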