Yes, the other choices to having the MDS able to do auth itself are strictly trusting all UIDS/GIDS it is sent or rejecting those it can't auth itself. The first is semi-acceptable in some setups... but really fixing it is probably better.
________________________________ From: Phill Harvey-Smith <[email protected]> Sent: Tuesday, December 13, 2016 3:46:30 AM To: Patrick Farrell; Carlson, Timothy S; [email protected] Subject: Re: [lustre-discuss] problems accessing files as non-root user. On 12/12/2016 17:27, Patrick Farrell wrote: > Perhaps more expansively: > Is the new MDS configured to be able to authenticate these users? Using > /etc/passwd synchronization to do network auth is nasty. It's just > asking for weird troubles if you don't get it exactly right. LDAP or > similar is the way to go. This time replying to group as well :) That could be it, the cluster has a nis server for user management, so I guess I need to add the nis client to the MDS. I'd not done this as I didn't think it would be needed and would prevent the normal users from logging in directly to the MDS. But thinking about the way Lustre operates, I can see why it would be needed. Having installed nis on the MDS i can confirm that this does indeed seem to have fixed the permissions problem. Thanks for the speedy replies all. Cheers. Phill.
_______________________________________________ lustre-discuss mailing list [email protected] http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
