[Lustre-discuss] root rights and permissions

David Vasil dmvasil at ornl.gov
Mon Apr 21 07:31:31 PDT 2008


Enrico Morelli wrote:
> On Mon, 21 Apr 2008 15:47:18 +0200
> Johann Lombardi <johann at Sun.COM> wrote:
> 
>> On Mon, Apr 21, 2008 at 03:21:34PM +0200, Enrico Morelli wrote:
>>> I'm a new Lustre user.
>>> I searched for some documentation about the root permissions in
>>> Lustre without results. My question is: how can I reduce root
>>> permissions on a Lustre client?
>>>
>>> Using NFS I have no_root_squash option, but under Lustre I don't
>>> find anything similar to that.
>> FYI, the root squash functionality will be available in 1.6.5 (see
>> bug 12749).
>>
>> Cheers,
>> Johann
> 
> Thanks for the answer. So for the moment I hope that no one using Linux
> tries to become a Lustre client.
> 
> Are there other solutions?

Even if root_squash is used, an end user with root access to a system 
can just su - to any uid and copy/delete/modify files at will as the 
actual user.

For now I'd focus more on limiting what hosts may mount your lustre 
filesystem and who has privileges on those end hosts.  This can be done 
through iptables/router ACLs at the network layer and pam/sudo at the 
host layer.

In the future, I believe Sun is moving towards Kerberos as a method for 
solving some of these problems.

-- 
| David Vasil <dmvasil at ornl.gov>
| Oak Ridge National Laboratory NCCS Division
| High Performance Computing Systems Administrator
| Bldg: 5600-D219  Phone: (865)241-5562
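
The network-layer restriction suggested in the message above, sketched as an added example that is not part of the original post: a script that validates a client allowlist and prints (without applying) iptables rules for a Lustre server. It assumes LNet over TCP on its default acceptor port 988; the chain name `LUSTRE_CLIENTS` and the addresses are constructed for illustration.

```shell
# Constructed allowlist of hosts permitted to mount (documentation address ranges).
ALLOWED_CLIENTS="192.0.2.10 192.0.2.11 198.51.100.0/24"
LNET_PORT=988   # assumption: default LNet TCP acceptor port

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints iptables commands for a Lustre server: allowlisted sources may reach
# the LNet port, every other source is dropped. Any malformed entry aborts.
lustre_acl_rules() {
    for src in "$@"; do
        valid_cidr "$src" || { echo "rejecting malformed entry: $src" >&2; return 1; }
    done
    echo "iptables -N LUSTRE_CLIENTS"
    for src in "$@"; do
        echo "iptables -A LUSTRE_CLIENTS -s $src -j ACCEPT"
    done
    echo "iptables -A LUSTRE_CLIENTS -j DROP"
    # The jump from INPUT goes last, so the chain is complete before traffic reaches it.
    echo "iptables -A INPUT -p tcp --dport $LNET_PORT -j LUSTRE_CLIENTS"
}

lustre_acl_rules $ALLOWED_CLIENTS
```

This only limits which hosts can connect; as the message notes, root on an allowed host can still act as any uid, so the host-layer controls remain necessary.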


