[jira] [Updated] (OAK-7725) Allow to have the users and groups created in the immutable part of the composite setup
[ https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Davide Giannella updated OAK-7725: -- Fix Version/s: (was: 1.14.0) > Allow to have the users and groups created in the immutable part of the > composite setup > --- > > Key: OAK-7725 > URL: https://issues.apache.org/jira/browse/OAK-7725 > Project: Jackrabbit Oak > Issue Type: Story > Components: composite, security >Reporter: Tomek Rękawek >Assignee: Tomek Rękawek >Priority: Major > Fix For: 1.16.0 > > Attachments: OAK-7725-tests.patch > > > When running the Oak with Composite Node Store, the /home subtree is always > stored in the mutable, global part. Therefore, even if we switch the > immutable part (eg. /libs), the users and groups are not affected. > This setup makes sense for the users and groups created interactively. > However, we also have the service users, which usually are not created > interactively, but are part of the application and therefore are related to > the /libs part. For such users, it'd make sense to include them dynamically, > together with the application, read-only mount. > The proposal is to allow some part of the /home (eg. /home/service) to be > mounted from the read-only partial node store. Let's consider the constraints > we need to put in place (eg. it shouldn't be possible to have inter-mounts > group memberships) and how we can implement this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OAK-7725) Allow to have the users and groups created in the immutable part of the composite setup
[ https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Davide Giannella updated OAK-7725: -- Fix Version/s: 1.16.0 > Allow to have the users and groups created in the immutable part of the > composite setup > --- > > Key: OAK-7725 > URL: https://issues.apache.org/jira/browse/OAK-7725 > Project: Jackrabbit Oak > Issue Type: Story > Components: composite, security >Reporter: Tomek Rękawek >Assignee: Tomek Rękawek >Priority: Major > Fix For: 1.14.0, 1.16.0 > > Attachments: OAK-7725-tests.patch > > > When running the Oak with Composite Node Store, the /home subtree is always > stored in the mutable, global part. Therefore, even if we switch the > immutable part (eg. /libs), the users and groups are not affected. > This setup makes sense for the users and groups created interactively. > However, we also have the service users, which usually are not created > interactively, but are part of the application and therefore are related to > the /libs part. For such users, it'd make sense to include them dynamically, > together with the application, read-only mount. > The proposal is to allow some part of the /home (eg. /home/service) to be > mounted from the read-only partial node store. Let's consider the constraints > we need to put in place (eg. it shouldn't be possible to have inter-mounts > group memberships) and how we can implement this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OAK-7725) Allow to have the users and groups created in the immutable part of the composite setup
[ https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Davide Giannella updated OAK-7725: -- Fix Version/s: (was: 1.12.0) > Allow to have the users and groups created in the immutable part of the > composite setup > --- > > Key: OAK-7725 > URL: https://issues.apache.org/jira/browse/OAK-7725 > Project: Jackrabbit Oak > Issue Type: Story > Components: composite, security >Reporter: Tomek Rękawek >Assignee: Tomek Rękawek >Priority: Major > Fix For: 1.14.0 > > Attachments: OAK-7725-tests.patch > > > When running the Oak with Composite Node Store, the /home subtree is always > stored in the mutable, global part. Therefore, even if we switch the > immutable part (eg. /libs), the users and groups are not affected. > This setup makes sense for the users and groups created interactively. > However, we also have the service users, which usually are not created > interactively, but are part of the application and therefore are related to > the /libs part. For such users, it'd make sense to include them dynamically, > together with the application, read-only mount. > The proposal is to allow some part of the /home (eg. /home/service) to be > mounted from the read-only partial node store. Let's consider the constraints > we need to put in place (eg. it shouldn't be possible to have inter-mounts > group memberships) and how we can implement this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OAK-7725) Allow to have the users and groups created in the immutable part of the composite setup
[ https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Davide Giannella updated OAK-7725: -- Fix Version/s: 1.14.0 > Allow to have the users and groups created in the immutable part of the > composite setup > --- > > Key: OAK-7725 > URL: https://issues.apache.org/jira/browse/OAK-7725 > Project: Jackrabbit Oak > Issue Type: Story > Components: composite, security >Reporter: Tomek Rękawek >Assignee: Tomek Rękawek >Priority: Major > Fix For: 1.12.0, 1.14.0 > > Attachments: OAK-7725-tests.patch > > > When running the Oak with Composite Node Store, the /home subtree is always > stored in the mutable, global part. Therefore, even if we switch the > immutable part (eg. /libs), the users and groups are not affected. > This setup makes sense for the users and groups created interactively. > However, we also have the service users, which usually are not created > interactively, but are part of the application and therefore are related to > the /libs part. For such users, it'd make sense to include them dynamically, > together with the application, read-only mount. > The proposal is to allow some part of the /home (eg. /home/service) to be > mounted from the read-only partial node store. Let's consider the constraints > we need to put in place (eg. it shouldn't be possible to have inter-mounts > group memberships) and how we can implement this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OAK-7725) Allow to have the users and groups created in the immutable part of the composite setup
[ https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomek Rękawek updated OAK-7725: --- Attachment: OAK-7725-tests.patch > Allow to have the users and groups created in the immutable part of the > composite setup > --- > > Key: OAK-7725 > URL: https://issues.apache.org/jira/browse/OAK-7725 > Project: Jackrabbit Oak > Issue Type: Story > Components: composite, security >Reporter: Tomek Rękawek >Assignee: Tomek Rękawek >Priority: Major > Fix For: 1.12 > > Attachments: OAK-7725-tests.patch > > > When running the Oak with Composite Node Store, the /home subtree is always > stored in the mutable, global part. Therefore, even if we switch the > immutable part (eg. /libs), the users and groups are not affected. > This setup makes sense for the users and groups created interactively. > However, we also have the service users, which usually are not created > interactively, but are part of the application and therefore are related to > the /libs part. For such users, it'd make sense to include them dynamically, > together with the application, read-only mount. > The proposal is to allow some part of the /home (eg. /home/service) to be > mounted from the read-only partial node store. Let's consider the constraints > we need to put in place (eg. it shouldn't be possible to have inter-mounts > group memberships) and how we can implement this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OAK-7725) Allow to have the users and groups created in the immutable part of the composite setup
[ https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Davide Giannella updated OAK-7725: -- Fix Version/s: (was: 1.9.13) (was: 1.10) > Allow to have the users and groups created in the immutable part of the > composite setup > --- > > Key: OAK-7725 > URL: https://issues.apache.org/jira/browse/OAK-7725 > Project: Jackrabbit Oak > Issue Type: Story > Components: composite, security >Reporter: Tomek Rękawek >Assignee: Tomek Rękawek >Priority: Major > Fix For: 1.12 > > > When running the Oak with Composite Node Store, the /home subtree is always > stored in the mutable, global part. Therefore, even if we switch the > immutable part (eg. /libs), the users and groups are not affected. > This setup makes sense for the users and groups created interactively. > However, we also have the service users, which usually are not created > interactively, but are part of the application and therefore are related to > the /libs part. For such users, it'd make sense to include them dynamically, > together with the application, read-only mount. > The proposal is to allow some part of the /home (eg. /home/service) to be > mounted from the read-only partial node store. Let's consider the constraints > we need to put in place (eg. it shouldn't be possible to have inter-mounts > group memberships) and how we can implement this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OAK-7725) Allow to have the users and groups created in the immutable part of the composite setup
[ https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Davide Giannella updated OAK-7725: -- Fix Version/s: 1.12 > Allow to have the users and groups created in the immutable part of the > composite setup > --- > > Key: OAK-7725 > URL: https://issues.apache.org/jira/browse/OAK-7725 > Project: Jackrabbit Oak > Issue Type: Story > Components: composite, security >Reporter: Tomek Rękawek >Assignee: Tomek Rękawek >Priority: Major > Fix For: 1.10, 1.9.13, 1.12 > > > When running the Oak with Composite Node Store, the /home subtree is always > stored in the mutable, global part. Therefore, even if we switch the > immutable part (eg. /libs), the users and groups are not affected. > This setup makes sense for the users and groups created interactively. > However, we also have the service users, which usually are not created > interactively, but are part of the application and therefore are related to > the /libs part. For such users, it'd make sense to include them dynamically, > together with the application, read-only mount. > The proposal is to allow some part of the /home (eg. /home/service) to be > mounted from the read-only partial node store. Let's consider the constraints > we need to put in place (eg. it shouldn't be possible to have inter-mounts > group memberships) and how we can implement this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
