[ https://issues.apache.org/jira/browse/HDDS-7570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17641641#comment-17641641 ]
Neil Joshi commented on HDDS-7570:
----------------------------------
cc [~smeng], as discussed offline, for the ofs://tmp directory shared by all
users, using the existing tmp directory mount with each user accessing the same
shared tmp bucket instead of each user having their own bucket. This is mostly
implemented by extending OFSPath.java and configured, as discussed, with an
ozone-site property ozone.om.enable.ofs.shared.tmp.dir.
I have an implementation with unit tests and acceptance tests validating the
shareable tmp directory. Properly configured, the tmp directory is available as
the root path tmp, ofs://om/tmp, with admin all access control and users rw. Users
can only delete owned files. Further, only the admin can delete the tmp
directory. See:
[https://github.com/apache/ozone/compare/master...neils-dev:ozone:sharedtmp]
I also have an acceptance test validating the access control and ofs tmp
directory path:
{code:java}
bash-4.2$ robot --test "Test tmp mount for shared ofs tmp dir" ./smoketest/security/ozone-secure-fs.robot
==============================================================================
Ozone-Secure-Fs :: Smoke test to start cluster with docker-compose environm...
==============================================================================
Test tmp mount for shared ofs tmp dir | PASS |
------------------------------------------------------------------------------
Ozone-Secure-Fs :: Smoke test to start cluster with docker-compose... | PASS |
1 test, 1 passed, 0 failed
==============================================================================
{code}
Please take a look and provide feedback on it. Thanks.
> Provide a shareable ofs://temp directory
> ----------------------------------------
>
> Key: HDDS-7570
> URL: https://issues.apache.org/jira/browse/HDDS-7570
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: Neil Joshi
> Assignee: Neil Joshi
> Priority: Major
>
> Currently, the ofs://tmp directory is a virtual directory configured by the
> admin but not shareable for all users. Instead each user creates their own
> tmp directory for use with ofs. Because of the implementation, each tmp
> directory can only be administered by the individual users. Administrators
> currently are unable to access user tmp directories, and thus cannot
> administer the tmp directories.
> Building upon HDDS-2929, a shareable virtual tmp directory will be available
> to ofs users. This ofs://tmp directory behaves much like a sticky-bit tmp
> directory where admins have full access and users have rw permissions and can
> only delete files they own.
>
> As with HDDS-2929 a virtual tmp directory is used by ofs users and ofs
> applications requiring a tmp directory, ofs://tmp. Instead of each user
> having their own tmp directories in the implementation, here a single tmp
> directory is created from the tmp directory mount that is shared for all
> users. Admins have all access and users can read/write files and only delete
> files owned by the user.
>
> The ofs temp directory is configured with access control as follows:
> admin is privileged user testuser2, regular user is testuser in example with
> admin configuring ofs tmp directory mount for users:
> ozone sh volume create tmp
> ozone sh volume setacl -a user:testuser2:rw,user:testuser:a,group:testuser2:rw,group:testuser:a tmp
> ozone sh bucket create tmp/tmp
> ozone sh bucket setacl -a user:testuser2:rwlc,user:testuser:a,group:testuser2:rwlc,group:testuser:a tmp/tmp
>
> users access the tmp directory as in HDDS-2929,
> ozone fs -put ./NOTICE.txt ofs://om/tmp
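A constructed model of the access policy the issue describes, added here as an example; it is neither Ozone's code nor the patch linked in the comment. It parses ACL strings in the form passed to `ozone sh volume|bucket setacl -a`, expands the `a` (all) shorthand, and checks a volume/bucket ACL pair against the stated policy: the admin holds every right, regular users can read and write but cannot delete the shared volume or bucket itself, and a file may be deleted only by its owner or an admin. The admin set and the owner-only delete rule are assumptions of the model; the sample roles follow the `setacl` commands above (`testuser` granted `a`, `testuser2` granted `rw`/`rwlc`).

```python
"""Constructed model of the shared ofs tmp access policy from HDDS-7570.

Added example, not Ozone's own code. Parses ACL strings of the form
type:name:rights (comma separated, rights letters r/w/c/d/l/x/y, with 'a'
meaning all and 'n' meaning none) and applies the rule in the issue text:
admins have all access, regular users may read and write, and a user may
delete only the files they own. ADMINS and can_delete_key() are assumptions
of this model, not Ozone's enforcement logic.
"""
from dataclasses import dataclass

# Single-letter rights as used with `ozone sh ... setacl`; 'a' expands to all.
RIGHT_NAMES = {"r": "READ", "w": "WRITE", "c": "CREATE", "d": "DELETE",
               "l": "LIST", "x": "READ_ACL", "y": "WRITE_ACL"}
ALL_RIGHTS = frozenset(RIGHT_NAMES.values())


@dataclass(frozen=True)
class AclEntry:
    kind: str           # "user" or "group"
    name: str
    rights: frozenset   # subset of ALL_RIGHTS


def parse_acl(spec: str) -> list:
    """Parse e.g. 'user:testuser2:rwlc,group:testuser:a' into AclEntry objects."""
    entries = []
    for item in spec.split(","):
        kind, name, letters = item.strip().split(":")
        if kind not in ("user", "group"):
            raise ValueError(f"unknown ACL type {kind!r} in {item!r}")
        rights = set()
        for ch in letters:
            if ch == "a":
                rights |= ALL_RIGHTS
            elif ch == "n":
                continue                  # 'n' (none) grants nothing
            elif ch in RIGHT_NAMES:
                rights.add(RIGHT_NAMES[ch])
            else:
                raise ValueError(f"unknown right {ch!r} in {item!r}")
        entries.append(AclEntry(kind, name, frozenset(rights)))
    return entries


def granted(entries, user, groups, right) -> bool:
    """True if a user entry for `user` or a group entry for one of `groups` holds `right`."""
    return any(right in e.rights and
               ((e.kind == "user" and e.name == user) or
                (e.kind == "group" and e.name in groups))
               for e in entries)


def can_delete_key(user, key_owner, admins) -> bool:
    """Sticky-bit-like rule from the issue: only an admin or the file's owner may delete it."""
    return user in admins or user == key_owner


def shared_tmp_policy_violations(volume_acl, bucket_acl, admins, regular_users):
    """Compare a volume/bucket ACL pair with the intended shared-tmp policy.

    Returns human-readable findings; an empty list means the ACLs match the
    policy stated in the issue (admin: all; users: read/write, no delete of
    the shared volume or bucket themselves).
    """
    findings = []
    for admin in admins:
        for scope, acl in (("volume", volume_acl), ("bucket", bucket_acl)):
            missing = sorted(r for r in ALL_RIGHTS if not granted(acl, admin, {admin}, r))
            if missing:
                findings.append(f"admin {admin} lacks {missing} on {scope}")
    for user in regular_users:
        for right in ("READ", "WRITE"):
            if not granted(bucket_acl, user, {user}, right):
                findings.append(f"user {user} lacks {right} on bucket")
        for scope, acl in (("volume", volume_acl), ("bucket", bucket_acl)):
            if granted(acl, user, {user}, "DELETE"):
                findings.append(f"user {user} can DELETE the shared {scope} itself")
    return findings


# Constructed sample mirroring the setacl commands in the issue:
# testuser is treated as the admin, testuser2 as a regular user.
VOLUME_ACL = parse_acl("user:testuser2:rw,user:testuser:a,group:testuser2:rw,group:testuser:a")
BUCKET_ACL = parse_acl("user:testuser2:rwlc,user:testuser:a,group:testuser2:rwlc,group:testuser:a")
ADMINS = {"testuser"}

if __name__ == "__main__":
    print("violations:", shared_tmp_policy_violations(VOLUME_ACL, BUCKET_ACL, ADMINS, {"testuser2"}))
    print("owner deletes own file:", can_delete_key("testuser2", "testuser2", ADMINS))
    print("user deletes another's file:", can_delete_key("testuser2", "testuser", ADMINS))
    print("admin deletes user's file:", can_delete_key("testuser", "testuser2", ADMINS))
```

Running the module prints an empty findings list for the issue's ACLs; swapping the bucket ACL for one that gives the regular user `a` produces findings for both the missing admin rights and the user's ability to delete the shared bucket, which is the misconfiguration a reviewer would want to catch before exposing a world-shared tmp path.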
--
This message was sent by Atlassian Jira
(v8.20.10#820010)