1 .TH LCTL-NODEMAP_MODIFY 8 "2019-01-22" Lustre "configuration utilities"
3 lctl-nodemap_modify \- modify a nodemap property
6 .B lctl nodemap_modify <--name nodemap_name> <--property property_name>
11 modifies a property of the given nodemap.
15 is the name of the nodemap to modify
18 is one of the following properties:
23 Defaults to 0. If set to 1, then root will NOT be squashed. By default,
24 the root user is mapped to the value of squash_uid.
29 Defaults to 0. If set to 1, then user mapping will be disabled for all
30 non-root users. This means that the identities provided by the client will be
31 trusted to match the identities of the file system. By default, the client user
32 identities are mapped to the file system identities based on the nodemap rules.
37 Defaults to 99. The user ID that unknown users (if not trusted) and root (if not admin) should be mapped to.
42 Defaults to 99. The group ID that unknown groups (if not trusted) and root (if not admin) should be mapped to.
47 Defaults to 99. The project ID that unknown projects (if not trusted) should be mapped to.
52 Defaults to 0. If set to 1 then unknown (squashed) users will be denied
53 access to the filesystem completely instead of just being squashed. Users are
54 considered unknown by nodemap if the admin flag is off and the user is root, or
55 trusted are set to off and the user is not mapped.
57 Note: directory entries cached by a Lustre client may be visible to unknown
58 users located on the same client, though the contents of the files will not be.
63 Defaults to 1, which lets clients record file system access events to the
64 Changelogs, if Changelogs are otherwise activated. If set to 0, events from
65 these clients are not logged into the Changelogs, no matter if Changelogs are
67 The reason not to record file system events from given clients is to prevent
68 some nodes (e.g. backup, HSM agent nodes) from flooding the Changelogs.
73 Defaults to all, which means the nodemap maps UIDs, GIDs, and PROJIDs.
74 Other possible values (multiple can be specified, comma separated) are uid to
75 map UIDs, gid to map GIDs, both to map UIDs and GIDs, and projid to map PROJIDs.
80 Defaults to 0, which means encryption is allowed.
81 Set to 1 to prevent clients from using encryption.
86 Defaults to 0, which lets clients mount in read-write mode. If set to 1,
87 clients are forced to a read-only mount if not specified explicitly.
92 Defaults to all, which means all roles are allowed. Other possible values
93 (multiple can be specified, comma separated) are:
95 - byfid_ops, to allow operations by FID (e.g. 'lfs rmfid').
97 - chlg_ops, to allow access to Lustre Changelogs.
99 - dne_ops, to allow operations related to DNE (e.g. 'lfs mkdir').
101 - file_perms, to allow modifications of file permissions and owners.
103 - fscrypt_admin, to allow fscrypt related admin tasks (create or modify
104 protectors/policies). Note that even without this role, it is still possible
105 to lock or unlock encrypted directories, as these operations only need read
106 access to fscrypt metadata.
108 - quota_ops, to allow quota modifications.
110 Apart from all, any role not explicitly specified is forbidden. And to forbid
111 all roles, use 'none' value.
116 is the value to set for the property. Should be 0 or 1 for admin and trusted.
120 # lctl nodemap_modify --name remotesite --property trusted --value 1
121 # lctl nodemap_modify --name remotesite --property admin --value 1
122 # lctl nodemap_modify --name remotesite --property map_mode --value uid_only
123 # lctl nodemap_modify --name otherremotesite --property squash_uid --value 101
133 .BR lctl-nodemap-activate (8),
134 .BR lctl-nodemap-add (8),
135 .BR lctl-nodemap-del (8),
136 .BR lctl-nodemap-add-range (8),
137 .BR lctl-nodemap-del-range (8),
138 .BR lctl-nodemap-add-idmap (8),
139 .BR lctl-nodemap-del-idmap (8),