Hi Rob,

> Specific question: why did you need to
> add checks in the set-attr state machine in addition to prelude, but not
> other state machines?

Hmm.. Can you tell me which other state machines I need to add this stuff in?
Prelude state machine does all the permission checks, and any uid/gid translation must be done prior to doing those checks.
Set-attr stores the permissions based on the credentials sent over the wire, and any uid/gid translation must be done before it stores it on disk.
(For some reason, setattr does not make use of the credentials field in the request but a duplicate copy in req.setattr.attr.owner,gid, dunno why. Therefore, the prelude changes were unfortunately not sufficient for the set-attr case)
I was hoping that all cases would be covered with these 2 state machines changes alone.
Unfortunately, there are still some permission denied cases when using the utimes() system call for the AllSquash case. I haven't yet fixed that, since it involves local kernel/acl changes I think.

> Have you thought about how we might do this on a per-client basis, and
> if so, how that might change both how you do the checks and how you
> describe things in the config file?

Good point. How about something like

<ExportOptions>
ReadOnly yes(list of aliases)
RootSquash yes(list of aliases)
and so on...
</ExportOptions>

If no aliases are specified, then it is assumed to be the case for all clients..
Checking it would involve that I somehow get the BMI address information for comparison with the filesystem export configuration and disallowing or allowing checks based on that.
I can look at this and send a patch later today for people to comment, if you like the above approach or if you wanted it done another way

> You should probably re-post that patch over on pvfs2-devel for
> discussion!

Thanks, CC'ed devel list.
Thanks for the comments,
Murali

>
> Rob
>
> Murali Vilayannur wrote:
> > Hi Praveen,
> > Would something like the attached patch work for you?
> > I have minimally tested it on my setups and it seems to work.
> > You need to add something (optional) like the following to your fs.conf
> > file under
> > the <FileSystem> context tags
> >
> > <ExportOptions>
> > ReadOnly yes --> if you want readonly f.s
> > RootSquash yes --> if you want root squash. Unfortunately
> > this will root squash all clients :(. No selective squashing. Currently
> > root will squash to a default uid for nobody,gid for nobody.
> > AllSquash yes --> all users will get squashed to nobody..
> > AnonUID <uid> --> override the anonuid value to something..
> > AnonGID <gid> --> override the anongid value to something..
> > </ExportOptions>
> >
> > Exporting a sub-tree to specific clients is not addressed by this patch.
> > It requires far more work..
> > Thanks,
> > Murali
> >
_______________________________________________
PVFS2-developers mailing list
[email protected]
http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers
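
The ordering discussed in this thread (translate uid/gid before the permission check, and translate the duplicate owner copy in the setattr request before it is stored), sketched as an added example that is not part of the thread or of the PVFS2 patch. All type and function names are hypothetical, the anonymous id 65534 is a constructed sample value, and handling uid 0 and gid 0 independently under RootSquash is an assumption borrowed from NFS.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for illustration; not PVFS2 structures. */
struct cred { uint32_t uid, gid; };
struct export_opts {
    bool read_only, root_squash, all_squash;
    uint32_t anon_uid, anon_gid;        /* AnonUID / AnonGID */
};
struct setattr_req {
    struct cred wire;        /* credentials field of the request */
    struct cred attr_owner;  /* duplicate owner/group inside the attributes */
};
enum { OP_OK = 0, OP_READONLY = -1 };

/* AllSquash maps every caller to the anonymous ids. RootSquash maps only
 * uid 0 and gid 0 (assumed to be handled independently, as NFS does). */
static struct cred squash_cred(const struct export_opts *o, struct cred c)
{
    if (o->all_squash || (o->root_squash && c.uid == 0)) c.uid = o->anon_uid;
    if (o->all_squash || (o->root_squash && c.gid == 0)) c.gid = o->anon_gid;
    return c;
}

/* Translate BOTH copies of the identity before any permission check runs
 * and before the owner is written to disk; refuse writes on ReadOnly. */
static int prepare_setattr(const struct export_opts *o, struct setattr_req *r)
{
    if (o->read_only)
        return OP_READONLY;
    r->wire = squash_cred(o, r->wire);
    r->attr_owner = squash_cred(o, r->attr_owner);
    return OP_OK;
}

int main(void)
{
    /* Constructed sample: root squash on, 65534 chosen as the anonymous id. */
    struct export_opts o = { false, true, false, 65534, 65534 };
    struct setattr_req r = { { 0, 0 }, { 0, 0 } };
    int rc = prepare_setattr(&o, &r);
    printf("rc=%d wire=%u:%u stored owner=%u:%u\n", rc,
           (unsigned)r.wire.uid, (unsigned)r.wire.gid,
           (unsigned)r.attr_owner.uid, (unsigned)r.attr_owner.gid);
    return 0;
}
```

Translating only the wire credentials would leave a root client able to store uid 0 as the owner through the attribute copy, which is the gap the set-attr change in the thread closes.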
