Skip to main content

Managing NFSv4 ACLs

You can enable, disable, set, modify, and view NFSv4 access control lists (ACLs).

  • Benefits of enabling NFSv4 ACLs
    There are many benefits to enabling NFSv4 ACLs.
  • How NFSv4 ACLs work
    A client using NFSv4 ACLs can set and view ACLs on files and directories on the system. When a new file or subdirectory is created in a directory that has an ACL, the new file or subdirectory inherits all ACL Entries (ACEs) in the ACL that have been tagged with the appropriate inheritance flags.
  • Enabling or disabling modification of NFSv4 ACLs
    When ONTAP receives a chmod command for a file or directory with an ACL, by default the ACL is retained and modified to reflect the mode bit change. You can disable the -v4-acl-preserve parameter to change the behavior if you want the ACL to be dropped instead.
  • How ONTAP uses NFSv4 ACLs to determine whether it can delete a file
    To determine whether it can delete a file, ONTAP uses a combination of the file's DELETE bit, and the containing directory's DELETE_CHILD bit. For more information, see the NFS 4.1 RFC 5661.
  • Enabling or disabling NFSv4 ACLs
    To enable or disable NFSv4 ACLs, you can modify the -v4.0-acl and -v4.1-acl options. These options are disabled by default.