[lustre-discuss] how to unsquash users
julienrey76 at gmail.com
Fri May 20 09:28:30 PDT 2022
Thanks for your clear explanation.
I managed to "unsquash" my directory's ownership with a simple chown and
without having to re-mount the lustre filesystem.
I understand that I should activate the "admin" and "trusted" properties
on the default nodemap to turn it off completely for the rest of the
clients. Am I correct ?
Le 20/05/2022 à 17:10, Sebastien Buisson a écrit :
> It looks like you did not set properties on the default nodemap, which gets involved for your machine not in the 10.0.1.[35-38] range.
> When in use, the nodemap feature does not change anything about UID/GID of files as stored on servers, it just changes (maps) the way clients see them. Once deactivated, you should unmount then remount Lustre on your client (I understand that you have your home directories on Lustre?).
> Also, if you set the trusted property on the ’seamless’ nodemap, no id or gid mapping will be actually carried out, because by definition it means you trust the file system's canonical identifiers.
>> Le 20 mai 2022 à 16:57, Julien Rey via lustre-discuss <lustre-discuss at lists.lustre.org> a écrit :
>> Hello everyone,
>> We are running lustre 2.12.7 and today I tried to set up a few nodemaps so as to restrict access to an unique user (seamless user with uid/gid 3669) to a subdirectory (/webservices/seamless) from a range of machines (10.0.1.[35-38]).
>> Here's what I did so far :
>> lctl nodemap_add seamless
>> lctl nodemap_add_range --name seamless --range 10.0.1.[35-38]@tcp
>> lctl nodemap_modify --name seamless --property trusted --value 1
>> lctl nodemap_add_idmap --name seamless --idtype uid --idmap 3669:3669
>> lctl nodemap_add_idmap --name seamless --idtype gid --idmap 3669:3669
>> lctl nodemap_set_fileset --name seamless --fileset '/webservices/seamless'
>> lctl nodemap_activate 1
>> However, when I tried to log on one of the machine NOT in the 10.0.1.[35-38] range with my user account (uid 2154), my home directory ownership got immediately squashed to:
>> drwx------ 12 nobody nobody 4096 Apr 5 17:11 rey
>> So I immediatly deactivated the nodemaps using :
>> lctl nodemap_activate 0
>> However, the directory ownership remains nobody/nobody and I can no longer log in.
>> Does anyone know how to revert this ? And what was wrong with my nodemaps configuration ?
>> Julien REY
>> Plate-forme RPBS
>> Modélisation Computationnelle des Interactions Protéines-Ligand (CMPLI)
>> Université de Paris
>> tel : 01 57 27 83 95
>> lustre-discuss mailing list
>> lustre-discuss at lists.lustre.org
Modélisation Computationnelle des Interactions Protéines-Ligand (CMPLI)
Université de Paris
tel : 01 57 27 83 95
More information about the lustre-discuss