Native NFSv4 ACLs on Linux

Andreas Gruenbacher agruen at
Fri Jul 14 14:37:36 GMT 2006


This is to announce a prototype that implements NFSv4 ACLs natively on Linux. 
So far, the implementation supports NFSv4 ACLs on Ext3 filesystems. The code 
is functional, but hasn't seen a whole lot of testing so far.

This is relevant to Samba, because CIFS ACLs are very close to NFSv4 ACLs, and 
so this will allow Samba to store CIFS ACLs more or less unchanged, and have 
the kernel enforce the ACL model. Native POSIX applications will interact 
nicely with Windows applications; the prototype is POSIX compliant.

NFSv4 ACLs per se do not map to the POSIX permission model and the extension 
mechanisms that POSIX allows very well. Different designs to extend the 
definition of NFSv4 ACLs in order to make them map better to POSIX have been 
proposed. A conclusion on which design to adopt for NFSv4 Minor Version 1 has 
not been reached so far. See the nfsv4 at mailing list 
( for discussions.

This prototype features a design that is relatively close to POSIX 1003.1e 
draft 17 ACLs as implemented on many flavors of UNIX. Until a formal design 
document is available, please refer to the discussion in the following two 
threads on the nfsv4 at mailing list, and read the code: 

  NFSv4 ACL and POSIX interaction / mask

  NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

The prototype itself is available at, 
along with some more information.


Andreas Gruenbacher <agruen at>
Novell / SUSE Labs
