Enrico Morelli wrote: > On Mon, 21 Apr 2008 15:47:18 +0200 > Johann Lombardi <[EMAIL PROTECTED]> wrote: > >> On Mon, Apr 21, 2008 at 03:21:34PM +0200, Enrico Morelli wrote: >>> I'm a new lustre user. >>> I'd search for some documentation about the root permissions in >>> Lustre without results. My answer is: how can reduce root >>> permissions on a lustre client? >>> >>> Using NFS I have no_root_squash option, but under Lustre I don't >>> find anything similar to that. >> FYI, the root squash functionality will be available in 1.6.5 (see >> bug 12749). >> >> Cheers, >> Johann > > Thanks for the answer. So for the moment I hope that no one using Linux > trying to become a lustre client. > > Are there other solutions?
Even if root_squash is used, an end user with root access to a system can just su - to any uid and copy/delete/modify files at will as the actual user. For now I'd focus more on limiting what hosts may mount your lustre filesystem and who has privileges on those end hosts. This can be done through iptables/router ACLs at the network layer and pam/sudo at the host layer. In the future, I believe Sun is moving towards Kerberos as a method for solving some of these problems. -- | David Vasil <[EMAIL PROTECTED]> | Oak Ridge National Laboratory NCCS Division | High Performance Computing Systems Administrator | Bldg: 5600-D219 Phone: (865)241-5562 _______________________________________________ Lustre-discuss mailing list [email protected] http://lists.lustre.org/mailman/listinfo/lustre-discuss
