[lustre-discuss] Restricting sub directory mounts/access
davidls at hawaii.edu
Thu Mar 25 21:18:23 PST 2021
Unless I am misunderstanding what you are trying to do, it sounds like
what you are looking for is the sub-directory tree isolation feature
described in the Lustre manual.
Of course, with the example your gave, using the sub-directory of
/scratch/group would not do what you want, but if the directory tree was
something like /scratch/group/private/data_dir and
/scratch/group/public/<other_dirs> you could set the fileset
(sub-directory) on a nodemap to /group/public and limit visibility for
a set of clients. You could then use another nodemap to granting full
access from a different set of clients.
> One way I was thinking of doing this was using nodemap to map the UID/GID of the user to root or nobody so access to the compliance data is limited a root alone. Although this could work, I was looking for alternate ways to mount or access is restricted by IP if it was possible.
> Thank you,
> From: lustre-discuss <lustre-discuss-bounces at lists.lustre.org> On Behalf Of Kumar, Amit
> Sent: Wednesday, March 24, 2021 3:52 PM
> To: lustre-discuss at lists.lustre.org
> Subject: [lustre-discuss] Restricting sub directory mounts/access
> [EXTERNAL SENDER]
> Dear All,
> Wondering if I could restrict access to a specific directory from within my lustre file system, for example /scratch/group/data_dir "on a set of nodes"?
> I would still want to have full read-write access to other directories( /scratch/group/<other_dirs>).
> Can this be achieved in some creative way using overlayFS?
> Thank you,
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20210324/80c6f10b/attachment-0001.html>
> Subject: Digest Footer
> lustre-discuss mailing list
> lustre-discuss at lists.lustre.org
More information about the lustre-discuss