On Apr 21, 2008, at 7:17 AM, Enrico Morelli wrote:

> On Mon, 21 Apr 2008 15:47:18 +0200
> Johann Lombardi <[EMAIL PROTECTED]> wrote:
>
>> On Mon, Apr 21, 2008 at 03:21:34PM +0200, Enrico Morelli wrote:
>>> I'm a new lustre user.
>>> I'd search for some documentation about the root permissions in
>>> Lustre without results. My answer is: how can reduce root
>>> permissions on a lustre client?
>>>
>>> Using NFS I have no_root_squash option, but under Lustre I don't
>>> find anything similar to that.
>>
>> FYI, the root squash functionality will be available in 1.6.5 (see
>> bug 12749).
>>
>> Cheers,
>> Johann
>
> Thanks for the answer. So for the moment I hope that no one using Linux
> trying to become a lustre client.
>
> Are there other solutions?
>

We use iptables to prevent unknown IP addrs from connecting to the
lustre servers:

*filter
-A INPUT -p tcp -i eth1 --tcp-flags SYN SYN --source ! 172.10.0.0/16 -j REJECT
-A INPUT -p tcp -i eth2 --tcp-flags SYN SYN --source ! 172.10.0.0/16 -j REJECT
COMMIT

Replace eth1/eth2 with your lustre networks, and 172.10.0.0/16 with an
appropriate network string. If you don't have a dedicated lustre
network, then you may need to change these rules. Lustre accepts
connections on port 988, so if you are mounting lustre over a common
network, you may just want to create rules that restrict access to
port 988 only.

-Marc

----
D. Marc Stearman
LC Lustre Administration Lead
[EMAIL PROTECTED]
925.423.9670
Pager: 1.888.203.0641
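
The port-988-only variant mentioned in the reply above, as an added example that is not part of the original message. It goes one step further and allows several trusted client networks; the function names lustre_rules and is_cidr are hypothetical, and the network in the usage comment is the sample value from the message.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that limits new TCP
# connections to Lustre's port (988, per the message above) to trusted
# client networks, for servers that share a network with other hosts.
LUSTRE_PORT=988

# is_cidr A.B.C.D/N -> status 0 only for a well-formed IPv4 network
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# lustre_rules CIDR [CIDR...] -> print the ruleset; print nothing on bad input
lustre_rules() {
    [ $# -ge 1 ] || { echo "usage: lustre_rules CIDR [CIDR...]" >&2; return 2; }
    for net in "$@"; do
        is_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    echo "*filter"
    # One ACCEPT per trusted network, then a single REJECT. Repeating the
    # negated form ("not from NET -> REJECT") once per network would reject
    # every client as soon as two networks are listed.
    for net in "$@"; do
        echo "-A INPUT -p tcp --dport $LUSTRE_PORT --tcp-flags SYN SYN -s $net -j ACCEPT"
    done
    echo "-A INPUT -p tcp --dport $LUSTRE_PORT --tcp-flags SYN SYN -j REJECT"
    echo "COMMIT"
}

# Dry run against the live tables without flushing existing rules:
#   lustre_rules 172.10.0.0/16 | iptables-restore --noflush --test
```

Because the rules match only SYN packets on port 988, other services on the shared network are left to whatever rules already exist.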
