NFSv4 uses its own ACL scheme which differs from the POSIX ACL scheme used by other Linux filesystems. While the NFSv4 kernel server maps the POSIX acls of the underlying filesystem to NFSv4 ACLs over the wire, the client exports the whole NFSv4 ACLs to userspace via its own "system.nfs4_acl" xattr, not via the POSIX xattr. Therefore the raw libacl doesn' understand these ACLs. The NFSv4 developers at University of Michigan http://www.citi.umich.edu/projects/nfsv4/ provide a patch for libacl at http://www.citi.umich.edu/projects/nfsv4/linux/acl-patches/2.2.29-3/acl-2.2.29-CITI_NFS4_ALL-3.dif When ignoring the reject for debian/changelog this patch applies cleanly to the current acl-2.2.39. This patch is relatively pain-free. It tries to look up NFSv4 ACLs first (and if it findes them, maps them back to POSIX acls) and falls back to trying POSIX ACLs if the filesystem is not NFSv4. I've written a small additional patch since the patch missed to extend the acl_extended_file function (which is neat, because e.g. "ls -l" uses to detect whether additional ACLs are set on a directory entry and displays the very useful "+" sign after the default Unix permissions). As you know, the developers are working in intergrating NFSv4 stuff into the core utilities. Unfortunately this is proceeding very slowly and Gentoo has been patching NFSv4 stuff around here and there. So it would be nice to see NFSv4 ACL support included. I've attached a minimal proposal for the acl-2.2.39.ebuild which adds a nfsv4 USE flag. It adds a libnfsidmap dependency (I'm not sure whether to use nfsv4 or nonfsv4 like nfs-utils does).
Created attachment 94923 [details, diff] The CITI acl-2.2.29-CITI_NFS4_ALL-3.dif minus the debian/changelog reject
Created attachment 94924 [details, diff] Let "ls -l" indicate additonal ACLs for NFSv4 too.
Created attachment 94925 [details, diff] acl-2.2.39.ebuild patch adding nfsv4 USE flag
your custom patch should be e-mailed to the nfs list: nfs@lists.sourceforge.net
Yes, I've contacted nfsv4@linux-nfs.org though which seems more appropriate for this type of stuff, the other mailing list is more about the kernel anf nfs-utils.
Note that I sent the patch upstream and got a "thanks". He told me they were planning better ACL support in general but it would be a good think to keep the old way (the patches they currently provide). I haven't seen them release a new official ACL patch though. http://linux-nfs.org/pipermail/nfsv4/2006-August/004870.html
Update: The patch has been included in their GIT repository, which also seems to be more up-to-date than the patches on the CITI homepage: http://linux-nfs.org/cgi-bin/gitweb.cgi?p=bfields-acl.git;a=summary
in portage then
