-.TH lctl-nodemap-modify 8 "2015 Jan 20" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_MODIFY 8 "2019-01-22" Lustre "configuration utilities"
.SH NAME
-lctl-nodemap-modify \- Modify a nodemap property.
-
+lctl-nodemap_modify \- modify a nodemap property
.SH SYNOPSIS
.br
.B lctl nodemap_modify <--name nodemap_name> <--property property_name>
.I nodemap_name
is the name of the nodemap to modify
-
.I property_name
is one of the following properties:
+.RS 0.3i
.PP
admin
.RS 4
Defaults to 99. The group ID that unknown groups (if not trusted) and root (if not admin) should be mapped to.
.RE
.PP
+squash_projid
+.RS 4
+Defaults to 99. The project ID that unknown projects (if not trusted) should be mapped to.
+.RE
+.PP
deny_unknown
.RS 4
Defaults to off. If set to on then unknown (squashed) users will be denied
Note: directory entries cached by a Lustre client may be visible to unknown
users located on the same client, though the contents of the files will not be.
.RE
+.PP
+audit_mode
+.RS 4
+Defaults to on, which lets clients record file system access events to the
+Changelogs, if Changelogs are otherwise activated. If set to 0, events from
+these clients are not logged into the Changelogs, no matter if Changelogs are
+activated or not.
+The reason not to record file system events from given clients is to prevent
+some nodes (e.g. backup, HSM agent nodes) from flooding the Changelogs.
+.RE
+.PP
+map_mode
+.RS 4
+Defaults to all, which means the nodemap maps UIDs, GIDs, and PROJIDs.
+Other possible values (multiple can be specified, comma separated) are uid to
+map UIDs, gid to map GIDs, both to map UIDs and GIDs, and projid to map PROJIDs.
+.RE
+.PP
+readonly_mount
+.RS 4
+Defaults to off, which lets clients mount in read-write mode. If set to 1,
+clients are forced to a read-only mount if not specified explicitly.
+.RE
+.PP
+rbac
+.RS 4
+Defaults to all, which means all roles are allowed. Other possible values
+(multiple can be specified, comma separated) are:
+- byfid_ops, to allow operations by FID (e.g. 'lfs rmfid').
+- chlg_ops, to allow access to Lustre Changelogs.
+- dne_ops, to allow operations related to DNE (e.g. 'lfs mkdir').
+- file_perms, to allow modifications of file permissions and owners.
+- fscrypt_admin, to allow fscrypt related admin tasks (create or modify
+protectors/policies). Note that even without this role, it is still possible
+to lock or unlock encrypted directories, as these operations only need read
+access to fscrypt metadata.
+- quota_ops, to allow quota modifications.
+Apart from all, any role not explicitly specified is forbidden. And to forbid
+all roles, use 'none' value.
+.RE
+.RE
.I value
is the value to set for the property. Should be 0 or 1 for admin and trusted.
.nf
# lctl nodemap_modify --name remotesite --property trusted --value 1
# lctl nodemap_modify --name remotesite --property admin --value 1
+# lctl nodemap_modify --name remotesite --property map_mode --value uid_only
# lctl nodemap_modify --name otherremotesite --property squash_uid --value 101
.fi
git://git.whamcloud.com / fs / lustre-release.git / blobdiff