Chapter 16. Managing Access Control Lists over NFSv4

There is no single standard for Access Control Lists (ACLs) in Linux beyond the simple user-group-others read, write, and execute (rwx) flags. One option for finer control is Draft POSIX ACLs, which were never formally standardised by POSIX. Another is NFSv4 ACLs, which were designed as part of the NFSv4 network file system with the goal of providing reasonable compatibility between POSIX systems on Linux and WIN32 systems on Microsoft Windows.

NFSv4 ACLs are not sufficient to correctly implement Draft POSIX ACLs, so no attempt has been made to map ACL accesses on an NFSv4 client (such as using setfacl).

When using NFSv4, Draft POSIX ACLs cannot be used even in emulation, and NFSv4 ACLs need to be used directly; that is, while setfacl can work on NFSv3, it cannot work on NFSv4.

To allow NFSv4 ACLs to be used on an NFSv4 file system, SUSE Linux Enterprise Server provides the nfs4-acl-tools package which contains the following:

These operate in a generally similar way to getfacl and setfacl for examining and modifying NFSv4 ACLs.

These commands are effective only if the file system on the NFS server provides full support for NFSv4 ACLs. Any limitation imposed by the server also affects these programs running on the client: some particular combinations of Access Control Entries (ACEs) might not be possible.
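Because the server may not store every ACE combination a client requests, it is worth reading an ACL back after setting it and comparing the two. The following script is an added example, not part of the original chapter or of the nfs4-acl-tools package; the function names, the sample ACEs, and the type:flags:principal:permissions text layout are assumptions, and the requested ACL is assumed to use explicit permission letters rather than aliases.

```shell
#!/bin/sh
# Added example, not part of the original chapter.
# Assumed ACE text format: type:flags:principal:permissions (A:g:GROUP@:rtncy)

# normalise_aces: read ACL text on stdin, skip blank and '#' lines, and sort
# the letters in the flags and permissions fields so that two listings of the
# same ACE compare equal as text. ACE order is kept because it is significant.
normalise_aces() {
    awk -F: '
        function sortchars(s,    n, i, j, c, t, out) {
            n = length(s)
            for (i = 1; i <= n; i++) c[i] = substr(s, i, 1)
            for (i = 2; i <= n; i++)
                for (j = i; j > 1 && c[j-1] > c[j]; j--) {
                    t = c[j]; c[j] = c[j-1]; c[j-1] = t
                }
            out = ""
            for (i = 1; i <= n; i++) out = out c[i]
            return out
        }
        /^[ \t]*(#|$)/ { next }
        NF == 4 { print $1 ":" sortchars($2) ":" $3 ":" sortchars($4); next }
        { print }   # malformed line: pass through so it shows up as a mismatch
    '
}

# acl_mismatch REQUESTED STORED: silent with status 0 when both ACL texts
# match; otherwise prints the differing ACEs and returns 1.
acl_mismatch() {
    req=$(printf '%s\n' "$1" | normalise_aces)
    got=$(printf '%s\n' "$2" | normalise_aces)
    [ "$req" = "$got" ] && return 0
    diff=$( { printf '%s\n' "$req" | grep -Fxv -e "$got" | sed 's/^/not stored: /'
              printf '%s\n' "$got" | grep -Fxv -e "$req" | sed 's/^/not requested: /'; } )
    printf '%s\n' "${diff:-ACE order differs}"
    return 1
}

# Constructed sample: the stored ACL lacks 'n' in the GROUP@ entry.
wanted='A::OWNER@:rwatTnNcCy
A:g:GROUP@:rtncy'
stored='A::OWNER@:rwatTnNcCy
A:g:GROUP@:rtcy'
acl_mismatch "$wanted" "$stored" || echo "server did not store the ACL as requested"
# On a real mount (FILE and wanted.acl are placeholders):
#   nfs4_setfacl -S wanted.acl FILE &&
#     acl_mismatch "$(cat wanted.acl)" "$(nfs4_getfacl FILE)"
```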

Additional Information

For more information, see ACLs on the Linux-nfs.org Web site.