[Lustre-discuss] root rights and permissions

D. Marc Stearman marc at llnl.gov
Mon Apr 21 08:05:02 PDT 2008


On Apr 21, 2008, at 7:17 AM, Enrico Morelli wrote:
> On Mon, 21 Apr 2008 15:47:18 +0200
> Johann Lombardi <johann at Sun.COM> wrote:
>
>> On Mon, Apr 21, 2008 at 03:21:34PM +0200, Enrico Morelli wrote:
>>> I'm a new lustre user.
>>> I searched for some documentation about the root permissions in
>>> Lustre without results. My answer is: how can I reduce root
>>> permissions on a lustre client?
>>>
>>> Using NFS I have no_root_squash option, but under Lustre I don't
>>> find anything similar to that.
>>
>> FYI, the root squash functionality will be available in 1.6.5 (see
>> bug 12749).
>>
>> Cheers,
>> Johann
>
> Thanks for the answer. So for the moment I hope that no one using Linux
> is trying to become a lustre client.
>
> Are there other solutions?
>

We use iptables to prevent unknown IP addrs from connecting to the  
lustre servers:

*filter
-A INPUT -p tcp -i eth1 --tcp-flags SYN SYN --source ! 172.10.0.0/16 -j REJECT
-A INPUT -p tcp -i eth2 --tcp-flags SYN SYN --source ! 172.10.0.0/16 -j REJECT
COMMIT

Replace eth1/eth2 with your lustre networks, and 172.10.0.0/16 with  
an appropriate network string.  If you don't have a dedicated lustre  
network, then you may need to change these rules.  Lustre accepts  
connections on port 988, so if you are mounting lustre over a common  
network, you may just want to create rules that restrict access to  
port 988 only.

-Marc

----
D. Marc Stearman
LC Lustre Administration Lead
marc at llnl.gov
925.423.9670
Pager: 1.888.203.0641
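
The port-988-only variant suggested in the message above, as an added example that is not part of the original post or of Lustre itself: a shell generator for the iptables-restore ruleset, written with the `! -s` negation form. The helper names `lustre_rules` and `is_cidr` are hypothetical, and the interface names and network are whatever the caller supplies.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that rejects new TCP
# connections to the Lustre port unless they come from an allowed network.
# lustre_rules and is_cidr are hypothetical helper names.

LUSTRE_PORT=988   # port named in the message above

# is_cidr ADDR/PREFIX: succeed only for a dotted-quad IPv4 network.
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr              # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# lustre_rules ALLOWED_NET IFACE...: print the ruleset on stdout.
# All arguments are validated before anything is printed, so a bad
# argument never yields a partial ruleset.
lustre_rules() {
    net=$1
    [ "$#" -ge 2 ] || { echo "usage: lustre_rules NET IFACE..." >&2; return 1; }
    shift
    is_cidr "$net" || { echo "invalid network: $net" >&2; return 1; }
    for ifc in "$@"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $ifc" >&2; return 1 ;;
        esac
    done
    echo '*filter'
    for ifc in "$@"; do
        echo "-A INPUT -i $ifc -p tcp --dport $LUSTRE_PORT --tcp-flags SYN SYN ! -s $net -j REJECT"
    done
    echo 'COMMIT'
}
```

Pipe the output through `iptables-restore --test` to confirm it parses before loading it. Loading it with plain `iptables-restore` replaces the existing filter table unless `--noflush` is given.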




