Hi Everyone,
I have a theoretical question about GPFS multiclusters and security.
Let's say I have clusters A and B. Cluster A is exporting a filesystem
as read-only to cluster B.
Where does the authorization burden lay? Meaning, does the security rely
on mmfsd in cluster B to behave itself and enforce the conditions of the
multi-cluster export? Could someone using the credentials on a
compromised node in cluster B just start sending arbitrary nsd
read/write commands to the nsds from cluster A (or something along those
lines)? Do the NSD servers in cluster A do any sort of sanity or
security checking on the I/O requests coming from cluster B to the NSDs
they're serving to exported filesystems?
I imagine any enforcement would go out the window with shared disks in a
multi-cluster environment since a compromised node could just "dd" over
the LUNs.
Thanks!
-Aaron
--
Aaron Knister
NASA Center for Climate Simulation (Code 606.2)
Goddard Space Flight Center
(301) 286-2776
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
