Hi Amit,
Unless I am misunderstanding what you are trying to do, it sounds like
what you are looking for is the sub-directory tree isolation feature
described in the Lustre manual.
https://doc.lustre.org/lustre_manual.xhtml#managingSecurity.isolation
Of course, with the example your gave, using the sub-directory of
/scratch/group would not do what you want, but if the directory tree was
something like /scratch/group/private/data_dir and
/scratch/group/public/<other_dirs> you could set the fileset
(sub-directory) on a nodemap to /group/public and limit visibility for
a set of clients. You could then use another nodemap to granting full
access from a different set of clients.
Thanks,
David
One way I was thinking of doing this was using nodemap to map the UID/GID of
the user to root or nobody so access to the compliance data is limited a root
alone. Although this could work, I was looking for alternate ways to mount or
access is restricted by IP if it was possible.
Thank you,
Amit
From: lustre-discuss <[email protected]> On Behalf Of
Kumar, Amit
Sent: Wednesday, March 24, 2021 3:52 PM
To: [email protected]
Subject: [lustre-discuss] Restricting sub directory mounts/access
[EXTERNAL SENDER]
Dear All,
Wondering if I could restrict access to a specific directory from within my lustre file
system, for example /scratch/group/data_dir "on a set of nodes"?
I would still want to have full read-write access to other directories(
/scratch/group/<other_dirs>).
Can this be achieved in some creative way using overlayFS?
Thank you,
Amit
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20210324/80c6f10b/attachment-0001.html>
------------------------------
Subject: Digest Footer
_______________________________________________
lustre-discuss mailing list
[email protected]
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
------------------------------
_______________________________________________
lustre-discuss mailing list
[email protected]
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
