Managing GPFS access control lists

Access control protects directories and files by providing a means of specifying who is granted access. GPFS access control lists (ACLs) are either traditional ACLs based on the POSIX model, or NFS V4 ACLs. NFS V4 ACLs are different from traditional ACLs, and provide improved control of file and directory access. A GPFS file system can also be exported by using NFS.

Management of GPFS access control lists (ACLs) and NFS export includes the following topics:

Note: The cp --preserve=xattr Linux command copies either the POSIX or the NFSv4 ACL extended attributes when an IBM Storage Scale file is copied. Also, the following system calls are extended when they are applied to files in IBM Storage Scale file systems:
  • The listxattr() system call lists the attributes that represent the POSIX or NFSv4 ACL.
  • The getxattr() system call retrieves the specified POSIX or NFSv4 ACL attribute. The content of the ACL is retrieved in the system.posix_acl_access attribute or the system.gpfs_nfs4_acl attribute.
  • The setxattr() system call writes the content of the specified POSIX or NFSv4 ACL attribute to the corresponding ACL.
In versions of IBM Storage Scale earlier than 5.0.5, neither POSIX nor NFSv4 ACLs are supported in this way. However, it is possible to copy the POSIX ACL by issuing the cp --preserve=mode command.
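
One way to check that a copy kept its ACL, as an added example that is not part of the IBM documentation: it reads the two attribute names given in the note through os.getxattr() (Linux only) and compares the raw values without decoding them. The function names, and the choice to treat ENODATA and ENOTSUP as "attribute not present", are assumptions of this example.

```python
import errno
import os

# Attribute names taken from the note above.
ACL_XATTRS = ("system.posix_acl_access", "system.gpfs_nfs4_acl")

# errno values treated as "this ACL attribute is not present" (assumption).
_ABSENT = (errno.ENODATA, errno.ENOTSUP, errno.EOPNOTSUPP)


def read_acl_xattrs(path, getxattr=None):
    """Return {attribute name: raw bytes} for the ACL attributes set on path."""
    getxattr = getxattr or os.getxattr  # injectable so the logic can be tested
    found = {}
    for name in ACL_XATTRS:
        try:
            found[name] = getxattr(path, name)
        except OSError as exc:
            if exc.errno not in _ABSENT:
                raise  # EACCES and similar must not be mistaken for "no ACL"
    return found


def acl_copy_report(src, dst, getxattr=None):
    """Compare the ACL attributes of dst with those of src.

    Returns a list of (attribute, status) pairs; an empty list means the
    raw ACL attributes of the copy match the source byte for byte.
    """
    before = read_acl_xattrs(src, getxattr)
    after = read_acl_xattrs(dst, getxattr)
    problems = []
    for name in ACL_XATTRS:
        if name in before and name not in after:
            problems.append((name, "missing on copy"))
        elif name in after and name not in before:
            problems.append((name, "only on copy"))
        elif before.get(name) != after.get(name):
            problems.append((name, "differs"))
    return problems
```

A non-empty report after a copy made without --preserve=xattr shows which ACL attribute was dropped or replaced, for example by an ACL inherited from the destination directory.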
Tip: To enable faster checks of the EXECUTE permission, grant EXECUTE permission to all users and groups of shared directories that are frequently traversed.