This is patch set 384 obtained from sourceforge cvs using cvsps. --- nfs-utils-1.0.7-kwc/ChangeLog | 10 ++++++++++ nfs-utils-1.0.7-kwc/support/nfs/exports.c | 6 ++++++ nfs-utils-1.0.7-kwc/utils/exportfs/exportfs.c | 2 ++ nfs-utils-1.0.7-kwc/utils/exportfs/exports.man | 15 +++++++++++++++ 4 files changed, 33 insertions(+) diff -puN ChangeLog~nfsutils_patchset_384 ChangeLog --- nfs-utils-1.0.7/ChangeLog~nfsutils_patchset_384 2005-10-07 17:50:29.734260000 -0400 +++ nfs-utils-1.0.7-kwc/ChangeLog 2005-10-10 11:40:20.302014000 -0400 @@ -1,3 +1,13 @@ +2005-04-06 Chip Salzenberg + + * support/nfs/exports.c (parseopts): Accept "acl" option to mean + ~NFSEXP_NOACL, and "no_acl" to mean NFSEXP_NOACL. + (putexportent): Report NFSEXP_NOACL as "no_acl", and ~NFSEXP_NOACL + as "acl". + * utils/exportfs/exportfs.c (dump): Report NFSEXP_NOACL as + "no_acl". + * utils/exportfs/exports.man: Document "no_acl". + 2005-03-14 NeilBrown Denis Vlasenko * support/export/client.c(client_init and client_gettype): diff -puN support/nfs/exports.c~nfsutils_patchset_384 support/nfs/exports.c --- nfs-utils-1.0.7/support/nfs/exports.c~nfsutils_patchset_384 2005-10-07 17:50:29.754240000 -0400 +++ nfs-utils-1.0.7-kwc/support/nfs/exports.c 2005-10-10 11:39:38.886698000 -0400 @@ -185,6 +185,8 @@ putexportent(struct exportent *ep) "no_" : ""); fprintf(fp, "%ssecure_locks,", (ep->e_flags & NFSEXP_NOAUTHNLM)? "in" : ""); + fprintf(fp, "%sacl,", (ep->e_flags & NFSEXP_NOACL)? + "no_" : ""); if (ep->e_flags & NFSEXP_FSID) { fprintf(fp, "fsid=%d,", ep->e_fsid); } @@ -374,6 +376,10 @@ parseopts(char *cp, struct exportent *ep ep->e_flags &= ~NFSEXP_NOAUTHNLM; else if (strcmp(opt, "insecure_locks") == 0) ep->e_flags |= NFSEXP_NOAUTHNLM; + else if (strcmp(opt, "acl") == 0) + ep->e_flags &= ~NFSEXP_NOACL; + else if (strcmp(opt, "no_acl") == 0) + ep->e_flags |= NFSEXP_NOACL; else if (strncmp(opt, "mapping=", 8) == 0) ep->e_maptype = parsemaptype(opt+8); else if (strcmp(opt, "map_identity") == 0) /* old style */ diff -puN utils/exportfs/exportfs.c~nfsutils_patchset_384 utils/exportfs/exportfs.c --- nfs-utils-1.0.7/utils/exportfs/exportfs.c~nfsutils_patchset_384 2005-10-07 17:50:29.768226000 -0400 +++ nfs-utils-1.0.7-kwc/utils/exportfs/exportfs.c 2005-10-07 17:50:29.929065000 -0400 @@ -398,6 +398,8 @@ dump(int verbose) c = dumpopt(c, "no_subtree_check"); if (ep->e_flags & NFSEXP_NOAUTHNLM) c = dumpopt(c, "insecure_locks"); + if (ep->e_flags & NFSEXP_NOACL) + c = dumpopt(c, "no_acl"); if (ep->e_flags & NFSEXP_FSID) c = dumpopt(c, "fsid=%d", ep->e_fsid); if (ep->e_mountpoint) diff -puN utils/exportfs/exports.man~nfsutils_patchset_384 utils/exportfs/exports.man --- nfs-utils-1.0.7/utils/exportfs/exports.man~nfsutils_patchset_384 2005-10-07 17:50:29.788206000 -0400 +++ nfs-utils-1.0.7-kwc/utils/exportfs/exports.man 2005-10-10 11:39:55.343264000 -0400 @@ -222,6 +222,21 @@ be explicitly requested with either of t .IR auth_nlm , or .IR secure_locks . +.TP +.IR no_acl +On some specially patched kernels, and when exporting filesystems that +support ACLs, this option tells nfsd not to reveal ACLs to clients, so +they will see only a subset of actual permissions on the given file +system. This option is safe for filesystems used by NFSv2 clients and +old NFSv3 clients that perform access decisions locally. Current +NFSv3 clients use the ACCESS RPC to perform all access decisions on +the server. Note that the +.I no_acl +option only has effect on kernels specially patched to support it, and +when exporting filesystems with ACL support. The default is to export +with ACL support (i.e. by default, +.I no_acl +is off). '''.TP '''.I noaccess _