VNX: How NFSv4 works on VNX with MIXED accesspolicy in a Multiprotocol Environment (User Correctable).
Summary: 'chmod' changes the ACL permission on a file exported using NFSv4
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
An ACL modification rebuilds the UNIX mode bits.
A file-system is exported via NFSv4 in a Multi-protocol Share. The file-system is mounted as 'MIXED' policy on the virtual data mover (VDM).
From the UJNIX client, a 'chmod' command was executed against a file exported from VNX NFS Share.
Refer to the attached document on how to configure NFSv4 and apply ACLs in a Multiprotocol environment.
VNX:
[root@VNXCS nasadmin]# server_mount nfsv4 -o accesspolicy=MIXED nfsv4 /nfsv4
nfsv4 : done
[root@VNXCS nasadmin]#
Client:
root@linux-client:~# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 19620732 4169992 14430992 23% /
udev 10240 0 10240 0% /dev
tmpfs 206372 9320 197052 5% /run
tmpfs 515920 80 515840 1% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 515920 0 515920 0% /sys/fs/cgroup
##.##.##.##://nfsv4 1032576 2688 1029888 1% /nfsv4
root@linux-client:~# cd /nfsv4/
root@linux-client:/nfsv4# ll
total 0
root@linux-client:/nfsv4#
Before:
root@linux-client:/nfsv4# nfs4_getfacl Windows/
A:g:user2@vnx.local:rxtncy
A:fdi:user2@vnx.local:rxtncy
A:fdi:user1@vnx.local:rxtncy
A:fd:user1@vnx.localrwDxtTy
A::OWNER@:rwaDxtTnNcCoy
A:g:32770:rxtncy
A::EVERYONE@:rxtncy
A:fd:32769:rwaDdxtTnNcCoy
A:fdg:32792:rwaDdxtTnNcCoy
A:fdg:32793:rwaDdxtTnNcCoy
A:fd:32775:rwDxtTy
root@linux-client:/nfsv4#
Change:
root@linux-client:/nfsv4# ll
total 16
drwxrwxr-x 2 nobody root 80 Jul 26 08:03 linux
drwxr-xr-x 2 32768 32768 80 Jul 25 13:17 Windows
root@linux-client:/nfsv4# chmod 744 Windows/
After:
root@linux-client:/nfsv4# ll
total 16
drwxrwxr-x 2 nobody root 80 Jul 26 08:03 linux
drwxr--r-- 2 32768 32768 80 Jul 25 13:17 Windows
root@linux-client:/nfsv4#
A file-system is exported via NFSv4 in a Multi-protocol Share. The file-system is mounted as 'MIXED' policy on the virtual data mover (VDM).
From the UJNIX client, a 'chmod' command was executed against a file exported from VNX NFS Share.
Refer to the attached document on how to configure NFSv4 and apply ACLs in a Multiprotocol environment.
VNX:
[root@VNXCS nasadmin]# server_mount nfsv4 -o accesspolicy=MIXED nfsv4 /nfsv4
nfsv4 : done
[root@VNXCS nasadmin]#
Client:
root@linux-client:~# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 19620732 4169992 14430992 23% /
udev 10240 0 10240 0% /dev
tmpfs 206372 9320 197052 5% /run
tmpfs 515920 80 515840 1% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 515920 0 515920 0% /sys/fs/cgroup
##.##.##.##://nfsv4 1032576 2688 1029888 1% /nfsv4
root@linux-client:~# cd /nfsv4/
root@linux-client:/nfsv4# ll
total 0
root@linux-client:/nfsv4#
Before:
root@linux-client:/nfsv4# nfs4_getfacl Windows/
A:g:user2@vnx.local:rxtncy
A:fdi:user2@vnx.local:rxtncy
A:fdi:user1@vnx.local:rxtncy
A:fd:user1@vnx.localrwDxtTy
A::OWNER@:rwaDxtTnNcCoy
A:g:32770:rxtncy
A::EVERYONE@:rxtncy
A:fd:32769:rwaDdxtTnNcCoy
A:fdg:32792:rwaDdxtTnNcCoy
A:fdg:32793:rwaDdxtTnNcCoy
A:fd:32775:rwDxtTy
root@linux-client:/nfsv4#
Change:
root@linux-client:/nfsv4# ll
total 16
drwxrwxr-x 2 nobody root 80 Jul 26 08:03 linux
drwxr-xr-x 2 32768 32768 80 Jul 25 13:17 Windows
root@linux-client:/nfsv4# chmod 744 Windows/
After:
root@linux-client:/nfsv4# ll
total 16
drwxrwxr-x 2 nobody root 80 Jul 26 08:03 linux
drwxr--r-- 2 32768 32768 80 Jul 25 13:17 Windows
root@linux-client:/nfsv4#
Cause
This is functioning as designed [FAD].
Reference working on ACL on NFSv4 protocol on page 19 of the "Managing a Multiprotocol environment" document.
https://support.emc.com/docu48454_Managing-a-Multiprotocol-Environment-on-VNX-8.1.pdf?language=en_US
ACLs for files and directories are created from the protocol that last set or changed the permissions. For example, if an NFS client sets or changes permissions on a file or directory, the ACL is rebuilt based on the UNIX mode bits. If a CIFS client sets or changes permissions on a file or directory, the ACL is built based on the standard Windows permissions.
ACL is checked. If there is not an ACL, one is created based on the UNIX mode bits. Access is also determined by the ACL.NFSv4 clients can manage the ACL. An ACL modification rebuilds the UNIX mode bits but the UNIX rights are not checked.
Reference working on ACL on NFSv4 protocol on page 19 of the "Managing a Multiprotocol environment" document.
https://support.emc.com/docu48454_Managing-a-Multiprotocol-Environment-on-VNX-8.1.pdf?language=en_US
ACLs for files and directories are created from the protocol that last set or changed the permissions. For example, if an NFS client sets or changes permissions on a file or directory, the ACL is rebuilt based on the UNIX mode bits. If a CIFS client sets or changes permissions on a file or directory, the ACL is built based on the standard Windows permissions.
ACL is checked. If there is not an ACL, one is created based on the UNIX mode bits. Access is also determined by the ACL.NFSv4 clients can manage the ACL. An ACL modification rebuilds the UNIX mode bits but the UNIX rights are not checked.
Resolution
This is working as designed in a Linux environment.
If permissions are to be changed on NFSv4 mounted files, use the 'nfs4_setfacl' command. Running 'chmod' will trigger a recalculation against the UNIX bit mode.
If permissions are to be changed on NFSv4 mounted files, use the 'nfs4_setfacl' command. Running 'chmod' will trigger a recalculation against the UNIX bit mode.
Additional Information
Reference the attached documents for further details on working on ACLs.
Affected Products
VNX/VNXeProducts
Celerra, VNX/VNXeArticle Properties
Article Number: 000065253
Article Type: Solution
Last Modified: 06 Nov 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.