I believe IRIX does allow you to set ACLs over NFS if you're running a reasonable version of Trusted IRIX. But I'm not sure if it uses the same proplistd side-band protocol or if they rolled their own and both the client and server have to be running SGI Trusted IRIX.
Also, from what I gather, various draft versions of Posix ACLs had some reasonable significant differences so without detailed information on the exact ACL semantics, I couldn't say how similar the Solaris, Digital, and IRIX semantics are. For NFS v4, the situation is further complicated by the fact that HPUX ACLs and NT ACLs are different as well.
Ray
-----Original Message----- From: Guy Harris [mailto:guy@netapp.com] Sent: Friday, June 11, 1999 2:57 AM To: tkaczma@gryf.net Cc: toasters@mathworks.com Subject: Re: NFS ACLs
Just came across this in Solaris docs:
NFS Parameters for the nfs Module
[...]
nfs_acl_cache - This symbol controls whether ACLs are
cached on clients
that are using the NFS_ACL protocol.
Does anyone know of any info on the NFS ACL protocol?
See "/usr/include/rpcsvc/nfs_acl.x" on Solaris 2.5 and later. It uses port 2049, and the Solaris NFS server code presumably just checks the program number as well as the procedure number and version number, and runs either an NFS procedure or an NFS ACL procedure.
Is this what we were just speaking of?
I think at least some folks here were speaking of it, yes.
I think Digital^H^H^H^H^H^H^HTru64 UNIX may store ACLs as items in a file's property list; the "proplist(4)" man page on a DU system here says:
DIGITAL UNIX supports the storing, parsing, and retrieving of Extended File Attributes. An Extended File Attribute is a name and value pair that is contained in a variable-sized structure called a Property List. A Property List is part of a file's metadata and can contain abstract name and value pairs (Extended File Attributes) that can be set either by the operating system (for example, ACLs and privileges) or by a user-level application (for example, PC File Attributes).
That man page also says:
Extended File Attributes are supported by the Advanced File System (AdvFS) and the UNIX File System (UFS). Currently, the Network File System (NFS) does not support Extended File Attributes, so when files migrate over NFS, they loose any Extended File Attributes they may have had.
but the "proplistd(8)" man page says:
The proplistd daemon services sideband protocol requests from NFS clients for property list operations. Requests may be to get, set, and or delete the property list associated with an NFS served file system object.
so I'm not sure if the "proplist(4)" man page is out of date or if the NFS client doesn't use the RPC service offered by "proplistd", although if the latter is true, that raises the question "so why does 'proplistd' exist?"
I think AIX may also have ACL support, and I think somebody earlier said IRIX does; I don't know whether either of them let you get or set ACLs over the wire with a "sideband" protocol for NFS.
HP-UX has ACLs, but the HP-UX 11.00 man page says:
NFS NFS does not support ACLs on remote files.
Individual manual entries specify the behavior of various system calls, library calls, and commands under these circumstances. Be careful when transferring a file with optional entries over a network or when manipulating a remote file because optional entries may be silently deleted.
The Solaris and Digital UNIX ACLs appear to be based on POSIX drafts (the POSIX committee working on that stuff never went past drafts, and I think they disbanded; the DU ones directly claim to be POSIX-draft-based, the Solaris ones just look as if they are). I don't know what the AIX or IRIX ones look like; the HP-UX ones don't look at all POSIX-draft-based (they appear to have a whole pile of additional functionality).