From: Yong Fan <Yong.Fan@Sun.COM>
To: lustre-devel@lists.lustre.org
Subject: [Lustre-devel] Moving forward on Quotas
Date: Mon, 09 Jun 2008 16:52:56 +0800 [thread overview]
Message-ID: <484CEF68.2060608@sun.com> (raw)
In-Reply-To: <C46E87FA.589E%peter.braam@sun.com>
Peter Braam ??:
>
> On 6/6/08 1:33 AM, "Johann Lombardi" <johann@sun.com> wrote:
>
>
>> On Thu, Jun 05, 2008 at 06:45:36AM -0700, Peter Braam wrote:
>>
>>> Well, this protocol hasn't been published yet; why not include the server
>>> side uid / gid then?
>>>
>> I understood from Fanyong that according to the remote client design
>> requirements, we should not allow the remote client to access the server-side
>> uid/gid mapping.
>>
>
> You have two choices: break that rule OR let the MDS server do the ownership
> changes. It's not complicated, just make a choice.
>
>
>>> But more seriously, how is this encoded in such a way that the OST can trust
>>> the information - it must be in the capability too?
>>>
>> hmm, I don't see any capability associated with this.
>>
>
> We had better find it, otherwise there is a security hole.
>
>
>
I think we can divide clients into two sorts: trusted and untrusted.
The client reliability is defined by administrator. Remote client
should be counted as untrusted one. The best simple way is that:
local client is trusted, remote client is untrusted.
For the trusted ones, disable capability, OSS set file "uid" and "gid"
with "oa.o_uid" and "oa.o_gid". It is the current using means.
For the untrusted ones, enable capability, OSS set file "uid" and "gid"
which contain in the OSS capability got from MDS when open.
With OSS capability enabled will affect performance, and current
capability's design does not contain the consideration for that. We
can fix the OSS capability design in the task "o3_se_capa_review"
Note: since capability feature is time-consuming, we want to support
enforcing capabilities on selected clients (or somewhat MDS/OSS
capability should aim at remote client). On he other hand, enforcing
capabilities on selected clients can simply the capability interoperability
between HEAD and b1_6.
If this idea can be approved, then the current remote client uid mapping
rules can be unchanged, uid mapping on OST is unnecessary also.
Thanks!
--
Fan Yong
>> Johann
>> _______________________________________________
>> Lustre-devel mailing list
>> Lustre-devel at lists.lustre.org
>> http://lists.lustre.org/mailman/listinfo/lustre-devel
>>
>
>
>
next prev parent reply other threads:[~2008-06-09 8:52 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080605083957.GQ6283@lore>
2008-06-05 11:09 ` [Lustre-devel] Moving forward on Quotas Peter Braam
2008-06-05 12:27 ` Johann Lombardi
2008-06-05 13:45 ` Peter Braam
2008-06-06 7:33 ` Johann Lombardi
2008-06-06 12:21 ` Peter Braam
2008-06-09 8:52 ` Yong Fan [this message]
2008-06-09 15:37 ` Peter Braam
2008-06-09 16:09 ` Yong Fan
2008-06-10 13:54 ` Yong Fan
2008-06-10 16:51 ` Peter Braam
[not found] <92825021-D566-4805-9297-5EFBD3260D73@Sun.COM>
2008-06-01 2:44 ` Peter Braam
[not found] <18490.63940.619731.992500@gargle.gargle.HOWL>
2008-05-26 23:28 ` Peter Braam
2008-05-28 8:06 ` Johann Lombardi
2008-06-01 2:32 ` Peter Braam
2008-06-02 12:22 ` Johann Lombardi
2008-06-02 23:24 ` Andreas Dilger
2008-06-03 8:49 ` Landen tian
2008-06-04 1:24 ` Peter Braam
2008-06-04 7:05 ` Landen tian
2008-06-04 8:26 ` Johann Lombardi
2008-05-28 14:29 ` Ricardo M. Correia
2008-05-28 14:54 ` Nikita Danilov
2008-05-28 15:14 ` Ricardo M. Correia
2008-05-28 16:22 ` Nikita Danilov
2008-05-28 17:05 ` Ricardo M. Correia
2008-05-28 20:06 ` Nikita Danilov
2008-05-28 21:07 ` Ricardo M. Correia
2008-05-28 21:11 ` Nikita Danilov
2008-05-28 21:33 ` Ricardo M. Correia
2008-05-29 8:39 ` Nikita Danilov
[not found] ` <18496.11672.844774.815457@gargle.gargle.HOWL>
2008-05-31 15:31 ` Ricardo M. Correia
2008-05-31 15:49 ` Ricardo M. Correia
[not found] ` <1212247447.21348.70.camel@localhost>
2008-05-31 16:19 ` Nikita Danilov
2008-05-31 17:19 ` Ricardo M. Correia
2008-05-31 19:11 ` Nikita Danilov
2008-06-01 2:36 ` Peter Braam
2008-06-01 3:17 ` Mike Shapiro
2008-06-01 2:26 ` Peter Braam
2008-06-01 4:53 ` Jeff Bonwick
2008-06-01 13:58 ` Nikita Danilov
2008-06-03 0:50 ` Matthew Ahrens
2008-06-03 7:49 ` Nikita Danilov
2008-06-04 23:50 ` Matthew Ahrens
2008-05-28 15:24 ` Nikita Danilov
2008-05-31 10:25 ` Peter Braam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=484CEF68.2060608@sun.com \
--to=yong.fan@sun.com \
--cc=lustre-devel@lists.lustre.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.