Re: [robinhood-support] Robin-hood - only for file/directories permissions enforcement

Tue, 10 Oct 2017 00:24:09 -0700 

Hello Marcin,
Not sure to understand if you only want to consider directories, or files too? 

This answer is if you want to consider directories only:


You should track entry removal to avoid robinhood DB to be fulfilled by 
deleted directories, Your changelog mask should be MKDIR, RMDIR.
Notice that you won't be aware of chmod on directories in this case (or 
you would process SATTR about files too...)


In FS_scan block, ignore entries that are of different type.
ignore { type != directory }

Then you can run a new scan that should only consider directories and 
will clean all other entries from the DB.



To check/enforce permissions on some specific directories, you can use a 
modeguard policy (in robinhood 3.1, see 
/etc/robinhood.d/templates/example_modeguard.conf)


Regards,
Thomas

On 10/07/17 08:28, Marcin Stolarek wrote:

I'm wondering if it should be generally possible to successfuly deploy 
robin-hood in lightweight scenario with the goal to enforce 
permissions on specific directories.


I thought about:
1) leaving only CREAT and MKDIR in lustre change log
2) removing old entries about files from robin-hood database
3) configuring policy to run a script when file/directory is created


I've tried normal robin-hood deployment, but it looks like I don't 
have a server that can handle database efficient enough to follow 
changes on filesystem. Currently I have a script starting multiple 
inotifiwait on the node designed for data upload to enforce 
permissions, but would be much better to have something using lustre 
changelog...


cheers,
Marcin


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
robinhood-support mailing list
robinhood-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/robinhood-support




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
robinhood-support mailing list
robinhood-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/robinhood-support






















					Reply via email to