VAST Cluster supports the NFSv4 Access Control List (ACL) permissions system to restrict access to a file or directory by a user or a group. NFSv4 ACLs are supported only with the Mixed Last Wins security flavor. The security flavor is configured in the view policy.
While NFSv4 ACLs require Mixed Last Wins security flavor, POSIX ACLs for NFSv3 clients are supported only with NFS security flavor. Although views can be enabled for both NFSv4.1 and NFSv3 clients concurrently, POSIX ACLs and NFSv4 ACLs are not supported concurrently.
NFSv4 ACLs are defined by a published standard for this version of the Network File System. The ACL attribute has an array of Access Control Entries (ACEs) that are associated with a file system object. The server uses ACEs in the ACL to perform access control. NFSv4 access options are more specific than the typical read, write and execute permissions in other systems.
VAST Cluster supports A (Allow) and D (Deny) type ACEs. Audit (U) and Alarm (L) type ACEs are not supported.
ACE options include the following:
The ACE type "A" denotes "Allow" to give the user or the group access to actions on this file system object that require permissions. Any action that is not explicitly given permission is denied permission by default.
The ACE "d" is an inheritance flag so that any new subdirectories will automatically have the same ACL set as the current directory.
The ACE principal can be a named user, a special principal (such as 'owner' or 'everyone'), or a group.
The ACE permissions are denoted by combinations of thirteen letters. The aliases 'R', 'W', and 'X' can also be used as permissions in place of appropriate ACE letter combinations.
ACL attributes can be set, modified and viewed.
In this example, the ACE principal is given an inheritance flag and a list of permissions.