<?xml version='1.0' encoding='UTF-8'?><chapter xmlns="http://docbook.org/ns/docbook" xmlns:xl="http://www.w3.org/1999/xlink" version="5.0" xml:lang="en-US" xml:id="managingsecurity">
- <title xml:id="managingsecurity.title">Managing Lustre Security</title>
- <para>This chapter describes Lustre security and includes the following sections:</para>
+ <title xml:id="managingsecurity.title">Managing Security in a Lustre File System</title>
+ <para>This chapter describes security features of the Lustre file system and includes the
+ following sections:</para>
<itemizedlist>
<listitem>
<para><xref linkend="dbdoclet.50438221_16221"/></para>
schemes. For a detailed explanation of ACLs on a Linux operating system, refer to the SUSE
Labs article, <emphasis>Posix Access Control Lists on Linux</emphasis>:</para>
<para><link xl:href="http://www.suse.de/~agruen/acl/linux-acls/online/">http://www.suse.de/~agruen/acl/linux-acls/online/</link></para>
- <para>We have implemented ACLs according to this model. Lustre works with the standard Linux ACL tools, setfacl, getfacl, and the historical chacl, normally installed with the ACL package.</para>
+ <para>We have implemented ACLs according to this model. The Lustre software works with the
+ standard Linux ACL tools, setfacl, getfacl, and the historical chacl, normally installed
+ with the ACL package.</para>
<note>
<para>ACL support is a system-range feature, meaning that all clients have ACL enabled or not. You cannot specify which clients should enable ACL.</para>
</note>
</section>
<section remap="h3">
- <title><indexterm><primary>Access Control List (ACL)</primary><secondary>using</secondary></indexterm>Using ACLs with Lustre</title>
- <para>POSIX Access Control Lists (ACLs) can be used with Lustre. An ACL consists of file entries representing permissions based on standard POSIX file system object permissions that define three classes of user (owner, group and other). Each class is associated with a set of permissions [read (r), write (w) and execute (x)].</para>
+ <title><indexterm>
+ <primary>Access Control List (ACL)</primary>
+ <secondary>using</secondary>
+ </indexterm>Using ACLs with the Lustre Software</title>
+ <para>POSIX Access Control Lists (ACLs) can be used with the Lustre software. An ACL consists
+ of file entries representing permissions based on standard POSIX file system object
+ permissions that define three classes of user (owner, group and other). Each class is
+ associated with a set of permissions [read (r), write (w) and execute (x)].</para>
<itemizedlist>
<listitem>
<para>Owner class permissions define access privileges of the file owner.</para>
<screen>$ lctl get_param -n mdc.home-MDT0000-mdc-*.connect_flags | grep acl acl</screen>
<para>To mount the client with no ACLs:</para>
<screen>$ mount -t lustre -o noacl ibmds2@o2ib:/home /home</screen>
- <para>ACLs are enabled in Lustre on a system-wide basis; either all clients enable ACLs or none do. Activating ACLs is controlled by MDS mount options <literal>acl</literal> / <literal>noacl</literal> (enable/disable ACLs). Client-side mount options acl/noacl are ignored. You do not need to change the client configuration, and the 'acl' string will not appear in the client /etc/mtab. The client acl mount option is no longer needed. If a client is mounted with that option, then this message appears in the MDS syslog:</para>
+ <para>ACLs are enabled in a Lustre file system on a system-wide basis; either all clients
+ enable ACLs or none do. Activating ACLs is controlled by MDS mount options
+ <literal>acl</literal> / <literal>noacl</literal> (enable/disable ACLs). Client-side mount
+ options acl/noacl are ignored. You do not need to change the client configuration, and the
+ 'acl' string will not appear in the client /etc/mtab. The client acl mount option
+ is no longer needed. If a client is mounted with that option, then this message appears in
+ the MDS syslog:</para>
<screen>...MDS requires ACL support but client does not</screen>
<para>The message is harmless but indicates a configuration issue, which should be corrected.</para>
<para>If ACLs are not enabled on the MDS, then any attempts to reference an ACL on a client return an Operation not supported error.</para>
</section>
<section xml:id="dbdoclet.50438221_64726">
<title><indexterm><primary>root squash</primary></indexterm>Using Root Squash</title>
- <para>Root squash is a security feature which restricts super-user access rights to a Lustre file system. Without the root squash feature enabled, Lustre users on untrusted clients could access or modify files owned by root on the filesystem, including deleting them. Using the root squash feature restricts file access/modifications as the root user to only the specified clients. Note, however, that this does <emphasis>not</emphasis> prevent users on insecure clients from accessing files owned by <emphasis>other</emphasis> users.</para>
- <para>The root squash feature works by re-mapping the user ID (UID) and group ID (GID) of the root user to a UID and GID specified by the system administrator, via the Lustre configuration management server (MGS). The root squash feature also enables the Lustre administrator to specify a set of client for which UID/GID re-mapping does not apply.</para>
+ <para>Root squash is a security feature which restricts super-user access rights to a Lustre
+ file system. Without the root squash feature enabled, Lustre file system users on untrusted
+ clients could access or modify files owned by root on the file system, including deleting
+ them. Using the root squash feature restricts file access/modifications as the root user to
+ only the specified clients. Note, however, that this does <emphasis>not</emphasis> prevent
+ users on insecure clients from accessing files owned by <emphasis>other</emphasis>
+ users.</para>
+ <para>The root squash feature works by re-mapping the user ID (UID) and group ID (GID) of the
+ root user to a UID and GID specified by the system administrator, via the Lustre configuration
+ management server (MGS). The root squash feature also enables the Lustre fle system
+ administrator to specify a set of client for which UID/GID re-mapping does not apply.</para>
<section remap="h3">
<title><indexterm><primary>root squash</primary><secondary>configuring</secondary></indexterm>Configuring Root Squash</title>
<para>Root squash functionality is managed by two configuration parameters, <literal>root_squash</literal> and <literal>nosquash_nids</literal>.</para>
git://git.whamcloud.com / doc / manual.git / blobdiff