-.TH LCTL-NODEMAP_ACTIVATE 8 "2015-01-20" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_ACTIVATE 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_activate \- activate or deactivate the nodemap feature
.SH SYNOPSIS
-.br
-.B lctl nodemap_activate "<0|1>"
-.br
+.SY "lctl nodemap_activate"
+.RB { 0 | 1 }
+.YS
.SH DESCRIPTION
.B nodemap_activate
-is used to activate or deactivate the nodemap feature. When nodemap is
-active, all client operations are mapped based on rules created by the
-administrator.
-
+is used to globally activate or deactivate the nodemap feature. When nodemap is
+active, all client IDs are mapped based on rules specified by the administrator,
+and filesystem operations may be restricted or prevented.
.SH OPTIONS
Passing 0 disables the nodemap feature, while 1 activates the feature.
-
.SH EXAMPLES
-.nf
-# lctl nodemap_activate 1
-.fi
-
+.EX
+.B # lctl nodemap_activate 1
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_activate
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.6.0
+.\" Added in commit v2_5_53_0-13-gae295503f5
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-del (8),
-.BR lctl-nodemap-add-range (8),
-.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-add-idmap (8),
+.BR lctl-nodemap-add-range (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-idmap (8),
+.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-modify (8)
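Review bot: The SEE ALSO entries re-sorted at the end of this page are still spelled with hyphens (lctl-nodemap-add, lctl-nodemap-del-range), while the NAME line uses the underscore form lctl-nodemap_activate, so the cross-references do not match the page names as written. Since the list is being touched anyway, switch the entries to the underscore spelling. The new AVAILABILITY sentence "filesystem package since release 2.6.0" has also lost its closing period, and the same applies to the other pages in this patch.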
-.TH LCTL-NODEMAP_ADD_IDMAP 8 "2015-01-20" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_ADD_IDMAP 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_add_idmap \- define ID mappings for a nodemap
.SH SYNOPSIS
-.br
-.B lctl nodemap_add_idmap <--name name> <--idtype {uid|gid|projid}>
-.B <--idmap clientid:fsid>
-.br
+.SY "lctl nodemap_add_idmap"
+.B --name
+.I NODEMAP_NAME
+.BR --idtype " {" uid | gid | projid }
+.B --idmap
+.IR CLIENTID [- CLIENTID_END ]: FSID [- FSID_END ]
+.YS
.SH DESCRIPTION
.B nodemap_add_idmap
adds an identity mapping to a nodemap. Clients that are members of the given
nodemap will have the identities of their users mapped accordingly.
-
.SH OPTIONS
-.I name
-is the name of the nodemap that this idmap should be added to.
-
-.I idtype
-is either "uid" or "gid" or "projid" depending on if it is a user ID or group
+.TP
+.BI --name " NODEMAP_NAME"
+The name of the nodemap that this idmap should be added to.
+.TP
+.BR --idtype " {" uid | gid | projid }
+Either "uid" or "gid" or "projid" depending on if it is a user ID or group
ID or project ID that is to be mapped.
-
-.I idmap
-is the identity to map, and what it should be mapped to. The first digit is the
-ID of the user or group as it is on the client, and the second number is the ID
-that it should map to on the Lustre filesystem.
-
+.TP
+.BI --idmap " CLIENTID\fR[" - CLIENTID_END\fR] : FSID\fR[ - FSID_END\fR]
+The identity to map, and what it should be mapped to.
+The first number is the ID of the user or group as it is on the client,
+and the second number is the ID that it should map to on the Lustre filesystem.
.SH EXAMPLES
-.nf
-# lctl nodemap_add_idmap --name remotesite --idtype uid --idmap 2001:1001
-# lctl nodemap_add_idmap --name remotesite --idtype gid --idmap 2002:1002
-# lctl nodemap_add_idmap --name remotesite --idtype projid --idmap 33:1
-.fi
+.EX
+.B # lctl nodemap_add_idmap --name remotesite --idtype uid --idmap 2001:1001
+.B # lctl nodemap_add_idmap --name remotesite --idtype gid --idmap 2002:1002
+.B # lctl nodemap_add_idmap --name remotesite --idtype projid --idmap 33:1
+.B # lctl nodemap_add_idmap --name othersite --idtype uid --idmap 0-999:9000
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_add_idmap
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.6.0
+.\" Added in commit v2_5_56_0-14-g294b0efc31
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-del (8),
.BR lctl-nodemap-add-range (8),
-.BR lctl-nodemap-del-range (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-idmap (8),
+.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-modify (8)
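Review bot: The --idmap description under OPTIONS still explains only a single pair ("The first number is the ID of the user or group as it is on the client"), although the synopsis now accepts CLIENTID[-CLIENTID_END]:FSID[-FSID_END] and the new example maps 0-999:9000. Please document how a range is applied: whether 0-999:9000 maps 0 to 9000, 1 to 9001 and so on, whether FSID_END may be omitted as in the example, and what happens when the two ranges differ in length or overlap an existing idmap. The description also says "user or group" while --idtype accepts projid. Because the example range starts at client UID 0, a sentence on how such a mapping interacts with the admin property described in lctl-nodemap_modify would help administrators avoid an unintended root mapping.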
-.TH LCTL-NODEMAP_ADD_RANGE 8 "2015-01-20" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_ADD_RANGE 8 2024-08-14" Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_add_range \- define a range of NIDs for a nodemap
.SH SYNOPSIS
-.br
-.B lctl nodemap_add_range <--name name> <--range range>
-.br
+.SY "lctl nodemap_add_range"
+.BI --name " NODEMAP_NAME"
+.BI --range " NID_RANGE"
+.YS
.SH DESCRIPTION
-.B nodemap_add_range adds a range of NIDs to an existing nodemap. The NID range
-cannot overlap with an existing NID range. Clients with NIDs that fall into the
-new range will be moved into the given nodemap.
-
+.B nodemap_add_range adds a range of NIDs to an existing nodemap.
+The NID range cannot overlap with an existing NID range.
+Clients with NIDs that fall into the new range
+will be moved into the given nodemap and any future RPCs will be subject
+to the properties configured for that nodemap.
.SH OPTIONS
-.I name
-is the name of the nodemap that this range should be added to.
-
-.I range
-is the NID range that should be added to the nodemap. The syntax for the range
-is the same as the rootsquash syntax, with the added constraint that the range
-must be contiguous.
-
-.SH Formal LNET Range Definition
-
-.nf
-<nidlist> :== <nidrange> [ ' ' <nidrange> ]
-<nidrange> :== <addrrange> '@' <net>
-<addrrange> :== '*' |
- <ipaddr_range> |
- <numaddr_range>
-<ipaddr_range> :==
- <numaddr_range>.<numaddr_range>.<numaddr_range>.<numaddr_range>
-<numaddr_range> :== <number> |
- <expr_list>
-<expr_list> :== '[' <range_expr> [ ',' <range_expr>] ']'
-<range_expr> :== <number> |
- <number> '-' <number> |
- <number> '-' <number> '/' <number>
-<net> :== <netname> | <netname><number>
-<netname> :== "lo" | "tcp" | "o2ib" | "cib" | "openib" | "iib" |
- "vib" | "ra" | "elan" | "gm" | "mx" | "ptl"
-<number> :== <nonnegative decimal> | <hexadecimal>
-.fi
-
+.TP
+.BI --name " NODEMAP_NAME"
+The name of the nodemap that this range should be added to.
+.TP
+.BI --range " NID_RANGE"
+The NID range that should be added to the nodemap.
+The syntax for the range is the same as the rootsquash syntax,
+with the added constraint that the range must be contiguous.
+.SH Formal LNet NID Range Definition
+.EX
+NID_RANGE :== ADDR_RANGE@NET
+ADDR_RANGE :== '*' | IPADDR_RANGE | NUM_RANGE
+IPADDR_RANGE :== NUM_RANGE.NUM_RANGE.NUM_RANGE.NUM_RANGE
+NUM_RANGE :== NUMBER | EXPR_LIST
+EXPR_LIST :== '['RANGE_EXPR[,RANGE_EXPR]']'
+RANGE_EXPR :== NUMBER | NUMBER-NUMBER | NUMBER-NUMBER/NUMBER
+NET :== NET_TYPE[NUMBER]
+.\" Currently supported LNet types are listed in libcfs_netstrfns[]
+NET_TYPE :== "lo" | "tcp" | "o2ib" | "ptlf" | "gni" | "gip" | "kfi"
+NUMBER :== NONNEGATIVE_DECIMAL | HEXADECIMAL
+.EE
+Where
+.IR MIN - MAX / SKIP
+indicates a sequence of numbers starting at
+.I MIN
+and incrementing by
+.I SKIP
+each time until no larger than
+.IR MAX .
.SH EXAMPLES
-.nf
-# lctl nodemap_add_range --name remotesite --range 192.168.1.[1-254]@tcp
-# lctl nodemap_add_range --name otherremotesite --range 192.168.2.[1-254]@tcp
-.fi
-
+.EX
+.B # lctl nodemap_add_range --name remotesite --range 192.168.1.[1-254]@tcp
+.B # lctl nodemap_add_range --name othersite --range 192.168.2.[1-254]@tcp
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_add_range
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.6.0
+.\" Added in commit v2_5_56_0-13-g4642f30970
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-del (8),
-.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-add-idmap (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-idmap (8),
+.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-modify (8)
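Review bot: The new .TH line has a stray, unbalanced double quote after the date (2024-08-14" Lustre), which the other pages in this patch do not have; drop it so the title arguments parse the same way as in the sibling pages. In DESCRIPTION, the rewritten first line still reads ".B nodemap_add_range adds a range of NIDs to an existing nodemap.", so the whole sentence is set in bold; split it into ".B nodemap_add_range" and a following text line, as this patch already does for nodemap_add and nodemap_del. The new closing wording "each time until no larger than MAX" is also hard to parse and would read better as "up to and including MAX" if that is the intended meaning.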
-.TH LCTL-NODEMAP_ADD 8 "2015-01-20" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_ADD 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
-lctl-nodemap_add \- add a new nodemap, to which NID ranges, identities, and
-properties can be added
+lctl-nodemap_add \- create a new nodemap to define client behavior
.SH SYNOPSIS
-.br
-.B lctl nodemap_add <name>
-.br
+.SY "lctl nodemap_add"
+.I NODEMAP_NAME
+.YS
.SH DESCRIPTION
-.B nodemap_add creates and names a new nodemap. The administrator can then add
-NID ranges and identity mappings to the nodemap, as well as modify its
-properties.
-
+.B nodemap_add
+creates and names a new nodemap to which NID ranges, process identities,
+and properties can be added to limit or otherwise manage capabilities
+and filesystem access permission of those NID(s).
.SH OPTIONS
-.I name
-is the name to give the new nodemap. It can be any string except "default".
-
+.TP
+.I NODEMAP_NAME
+The name to give the new nodemap. It can be any string except
+.RB \(dq default \(dq.
.SH EXAMPLES
-.nf
-# lctl nodemap_add remotesite
-# lctl nodemap_add otherremotesite
-.fi
-
+.EX
+.B # lctl nodemap_add remotesite
+.B # lctl nodemap_add othersite
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_add
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.6.0
+.\" Added in commit v2_5_53_0-13-gae295503f5
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
-.BR lctl-nodemap-del (8),
-.BR lctl-nodemap-add-range (8),
-.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-add-idmap (8),
+.BR lctl-nodemap-add-range (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-idmap (8),
+.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-modify (8)
-.TH LCTL-NODEMAP_DEL_IDMAP 8 "2015-01-20" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_DEL_IDMAP 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_del_idmap \- delete an existing idmap from a nodemap
.SH SYNOPSIS
-.br
-.B lctl nodemap_del_idmap <--name name> <--idtype {uid|gid|projid}>
-.B <--idmap clientid:fsid>
-.br
+.SY "lctl nodemap_del_idmap"
+.BI --name " NODEMAP_NAME"
+.BR --idtype " {" uid | gid | projid }
+.B --idmap
+.IR CLIENTID [- CLIENTID_END ]: FSID [- FSID_END ]
+.YS
.SH DESCRIPTION
.B nodemap_del_idmap
-deletes an idmap from a nodemap. Users or groups or projects in the nodemap with
-that ID will be squashed, if the trusted flag is not enabled.
-
+deletes an idmap from a nodemap.
+Users or groups or projects in the nodemap with that ID will be squashed,
+if the trusted flag is not enabled.
.SH OPTIONS
-.I name
-is the name of the nodemap that this idmap should be deleted from.
-
-.I idtype
-is either "uid" or "gid" or "projid" depending on if it is a user or group or
+.TP
+.BI --name " NODEMAP_NAME"
+The name of the nodemap that this idmap should be deleted from.
+.TP
+.BR --idtype " {" uid | gid | projid }
+Either "uid" or "gid" or "projid" depending on if it is a user or group or
project ID mapping that is to be removed.
-
-.I idmap
-is the identity map to delete.
-
+.TP
+.BI --idmap " CLIENTID\fR[" - CLIENTID_END\fR] : FSID\fR[ - FSID_END\fR]
+The identity map to delete.
.SH EXAMPLES
-.nf
-# lctl nodemap_del_idmap --name remotesite --idtype uid --idmap 2001:1001
-# lctl nodemap_del_idmap --name remotesite --idtype gid --idmap 2002:1002
-# lctl nodemap_del_idmap --name remotesite --idtype projid --idmap 33:1
-.fi
-
+.EX
+.B # lctl nodemap_del_idmap --name remotesite --idtype uid --idmap 2001:1001
+.B # lctl nodemap_del_idmap --name remotesite --idtype gid --idmap 2002:1002
+.B # lctl nodemap_del_idmap --name remotesite --idtype projid --idmap 33:1
+.B # lctl nodemap_add_idmap --name othersite --idtype uid --idmap 0-999:9000
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_del_idmap
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.6.0
+.\" Added in commit v2_5_56_0-14-g294b0efc31
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-del (8),
+.BR lctl-nodemap-add-idmap (8),
.BR lctl-nodemap-add-range (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-range (8),
-.BR lctl-nodemap-add-idmap (8),
.BR lctl-nodemap-modify (8)
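Review bot: The example added to EXAMPLES, "lctl nodemap_add_idmap --name othersite --idtype uid --idmap 0-999:9000", is an add command on the nodemap_del_idmap page and looks copied from the add_idmap page; it should use nodemap_del_idmap. The OPTIONS text for --idmap ("The identity map to delete.") also does not say whether a range given here must match an existing mapping exactly or may remove part of one, which matters now that the synopsis accepts CLIENTID[-CLIENTID_END]:FSID[-FSID_END].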
-.TH LCTL-NODEMAP_DEL_RANGE 8 "2015-01-20" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_DEL_RANGE 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_del_range \- delete an existing NID range from a nodemap
.SH SYNOPSIS
-.br
-.B lctl nodemap_del_range "<--name name> <--range range>"
-.br
+.SY "lctl nodemap_del_range"
+.BI --name " NODEMAP_NAME"
+.BI --range " NID_RANGE"
+.YS
.SH DESCRIPTION
.B nodemap_del_range
deletes a NID range from a nodemap. Clients will be moved to the default
nodemap.
-
.SH OPTIONS
-.I name
-is the name of the nodemap that this range should be deleted from.
-
-.I range
-is the NID range that should be deleted from the nodemap.
-
+.TP
+.BI --name " NODEMAP_NAME"
+The name of the nodemap that this range should be deleted from.
+.TP
+.BI --range " NID_RANGE"
+The NID range that should be deleted from the nodemap.
.SH EXAMPLES
-.nf
-# lctl nodemap_del_range --name remotesite --range 192.168.1.[1-254]@tcp
-# lctl nodemap_del_range --name otherremotesite --range 192.168.2.[1-254]@tcp
-.fi
-
+.EX
+.B # lctl nodemap_del_range --name remotesite --range 192.168.1.[1-254]@tcp
+.B # lctl nodemap_del_range --name othersite --range 192.168.2.[1-254]@tcp
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_del_range
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.6.0
+.\" Added in commit v2_5_56_0-13-g4642f30970
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-del (8),
-.BR lctl-nodemap-add-range (8),
.BR lctl-nodemap-add-idmap (8),
+.BR lctl-nodemap-add-range (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-idmap (8),
.BR lctl-nodemap-modify (8)
-.TH LCTL-NODEMAP_DEL 8 "2015-01-20" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_DEL 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_del \- delete an existing nodemap
.SH SYNOPSIS
-.br
-.B lctl nodemap_del "<name>"
-.br
+.SY "lctl nodemap_del"
+.I NODEMAP_NAME
+.YS
.SH DESCRIPTION
-.B nodemap_del deletes an existing nodemap. All of the associated mappings and
+.B nodemap_del
+deletes an existing nodemap. All of the associated mappings and
NID ranges will be removed as well, and existing clients will be moved to the
default nodemap.
-
.SH OPTIONS
-.I name
-is the name of the nodemap to delete. The default nodemap cannot be deleted.
-
+.TP
+.I NODEMAP_NAME
+The name of the nodemap to delete. The default nodemap cannot be deleted.
.SH EXAMPLES
-.nf
-# lctl nodemap_del remotesite
-# lctl nodemap_del otherremotesite
-.fi
-
+.EX
+.B # lctl nodemap_del remotesite
+.B # lctl nodemap_del othersite
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_del
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.6.0
+.\" Added in commit v2_5_53_0-13-gae295503f5
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-add-range (8),
-.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-add-idmap (8),
+.BR lctl-nodemap-add-range (8),
.BR lctl-nodemap-del-idmap (8),
+.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-modify (8)
-.TH LCTL-NODEMAP_MODIFY 8 "2019-01-22" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_MODIFY 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_modify \- modify a nodemap property
.SH SYNOPSIS
-.br
-.B lctl nodemap_modify <--name nodemap_name> <--property property_name>
-<--value value>
-.br
+.SY "lctl nodemap_modify"
+.BI --name " NODEMAP_NAME"
+.BI --property " PROPERTY_NAME"
+.BI --value " VALUE"
+.YS
.SH DESCRIPTION
.B nodemap_modify
modifies a property of the given nodemap.
-
.SH OPTIONS
-.I nodemap_name
-is the name of the nodemap to modify
-
-.I property_name
-is one of the following properties:
-.RS 0.3i
-.PP
-admin
-.RS 4
+.TP
+.BI --name " NODEMAP_NAME"
+Rhe name of the nodemap to modify
+.TP
+.BI --property " PROPERTY_NAME"
+One of the following properties:
+.RS 8
+.TP 4
+.B admin
Defaults to 0. If set to 1, then root will NOT be squashed. By default,
the root user is mapped to the value of squash_uid.
-.RE
-.PP
-trusted
-.RS 4
+.TP
+.B trusted
Defaults to 0. If set to 1, then user mapping will be disabled for all
non-root users. This means that the identities provided by the client will be
trusted to match the identities of the file system. By default, the client user
identities are mapped to the file system identities based on the nodemap rules.
-.RE
-.PP
-squash_uid
-.RS 4
-Defaults to 99. The user ID that unknown users (if not trusted) and root (if not admin) should be mapped to.
-.RE
-.PP
-squash_gid
-.RS 4
-Defaults to 99. The group ID that unknown groups (if not trusted) and root (if not admin) should be mapped to.
-.RE
-.PP
-squash_projid
-.RS 4
-Defaults to 99. The project ID that unknown projects (if not trusted) should be mapped to.
-.RE
-.PP
-deny_unknown
-.RS 4
+.TP
+.B squash_uid
+Defaults to
+.B NODEMAP_NOBODY_UID
+if not specified, which is 65534 to match the standard Linux
+.B nobody
+user ID.
+The user ID that unknown users (if not trusted)
+and root (if not admin) should be mapped to.
+.TP
+.B squash_gid
+Defaults to
+.B NODEMAP_NOBODY_UID
+if not specified, which is 65534 to match the standard Linux
+.B nobody
+user ID.
+The group ID that unknown groups (if not trusted)
+and root (if not admin) should be mapped to.
+.TP
+.B squash_projid
+Defaults to
+.B NODEMAP_NOBODY_UID
+if not specified, which is 65534 to match the standard Linux
+.B nobody
+user ID.
+The project ID that unknown projects (if not trusted) should be mapped to.
+.TP
+.B deny_unknown
Defaults to 0. If set to 1 then unknown (squashed) users will be denied
access to the filesystem completely instead of just being squashed. Users are
considered unknown by nodemap if the admin flag is off and the user is root, or
trusted are set to off and the user is not mapped.
-
+.IP
Note: directory entries cached by a Lustre client may be visible to unknown
users located on the same client, though the contents of the files will not be.
-.RE
-.PP
-audit_mode
-.RS 4
+.TP
+.B audit_mode
Defaults to 1, which lets clients record file system access events to the
Changelogs, if Changelogs are otherwise activated. If set to 0, events from
these clients are not logged into the Changelogs, no matter if Changelogs are
activated or not.
The reason not to record file system events from given clients is to prevent
some nodes (e.g. backup, HSM agent nodes) from flooding the Changelogs.
-.RE
-.PP
-map_mode
-.RS 4
+.TP
+.B map_mode
Defaults to all, which means the nodemap maps UIDs, GIDs, and PROJIDs.
Other possible values (multiple can be specified, comma separated) are uid to
map UIDs, gid to map GIDs, both to map UIDs and GIDs, and projid to map PROJIDs.
-.RE
-.PP
-forbid_encryption
-.RS 4
+.TP
+.B forbid_encryption
Defaults to 0, which means encryption is allowed.
Set to 1 to prevent clients from using encryption.
-.RE
-.PP
-readonly_mount
-.RS 4
+.TP
+.B readonly_mount
Defaults to 0, which lets clients mount in read-write mode. If set to 1,
clients are forced to a read-only mount if not specified explicitly.
-.RE
-.PP
-rbac
-.RS 4
+.TP
+.B rbac
Defaults to all, which means all roles are allowed. Other possible values
(multiple can be specified, comma separated) are:
-.br
+.EX
- byfid_ops, to allow operations by FID (e.g. 'lfs rmfid').
-.br
- chlg_ops, to allow access to Lustre Changelogs.
-.br
- dne_ops, to allow operations related to DNE (e.g. 'lfs mkdir').
-.br
- file_perms, to allow modifications of file permissions and owners.
-.br
-- fscrypt_admin, to allow fscrypt related admin tasks (create or modify
-protectors/policies). Note that even without this role, it is still possible
-to lock or unlock encrypted directories, as these operations only need read
-access to fscrypt metadata.
+.EE
+- fscrypt_admin, to allow fscrypt related admin tasks
+(create or modify protectors/policies). Note that even without this role,
+it is still possible to lock or unlock encrypted directories,
+as these operations only need read access to fscrypt metadata.
.br
- quota_ops, to allow quota modifications.
-.br
-Apart from all, any role not explicitly specified is forbidden. And to forbid
-all roles, use 'none' value.
+Apart from all, any role not explicitly specified is forbidden.
+And to forbid all roles, use 'none' value.
.RE
-
-.RE
-.I value
-is the value to set for the property. Should be 0 or 1 for admin and trusted.
-
+.TP
+.BI --value " VALUE"
+The value to set for the property. Should be 0 or 1 for admin and trusted.
.SH EXAMPLES
-.nf
-# lctl nodemap_modify --name remotesite --property trusted --value 1
-# lctl nodemap_modify --name remotesite --property admin --value 1
-# lctl nodemap_modify --name remotesite --property map_mode --value uid_only
-# lctl nodemap_modify --name otherremotesite --property squash_uid --value 101
-.fi
-
+.EX
+.B # lctl nodemap_modify --name remotesite --property trusted --value 1
+.B # lctl nodemap_modify --name remotesite --property admin --value 1
+.B # lctl nodemap_modify --name remotesite --property map_mode --value uid_only
+.B # lctl nodemap_modify --name othersite --property squash_uid --value 101
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_modify
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.6.0
+.\" Added in commit v2_5_56_0-13-g4642f30970
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-del (8),
-.BR lctl-nodemap-add-range (8),
-.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-add-idmap (8),
+.BR lctl-nodemap-add-range (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-idmap (8),
+.BR lctl-nodemap-del-range (8)
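Review bot: The new default text for squash_gid and squash_projid is a verbatim copy of the squash_uid entry: both say the default is NODEMAP_NOBODY_UID and that 65534 matches the "nobody user ID", which is wrong wording for a group ID and a project ID. Please name the constant that actually applies to each property and say "group ID" or "project ID" as appropriate. This hunk also changes the documented default from 99 to 65534, which deserves a mention in the commit message since sites may rely on the documented squash value. Smaller points in the same page: "Rhe name of the nodemap to modify" is a typo; in the rbac list the .EE is placed before the fscrypt_admin item, so the list is split between example and filled text, and with the .br before "Apart from all" removed that sentence now runs on from the quota_ops item; the example "--property map_mode --value uid_only" uses a value that the map_mode description (all, uid, gid, both, projid) does not list.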
-.TH LCTL-NODEMAP_SET_FILESET 8 "2019-01-17" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_SET_FILESET 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_set_fileset \- add a fileset to a nodemap
.SH SYNOPSIS
-.br
-.B lctl nodemap_set_fileset --name
-.RI < nodemap >
-.B --fileset
-.RI < fileset >
-.br
+.SY "lctl nodemap_set_fileset"
+.BI --name " NODEMAP"
+.BI --fileset " SUBDIRECTORY"
+.YS
.SH DESCRIPTION
.B nodemap_set_fileset
adds
-.I fileset
+.I FILESET
to the specified
-.IR nodemap .
+.IR NODEMAP .
The
-.I fileset
-must
-begin with '/'. Clients belonging to
-.I nodemap
+.I SUBDIRECTORY
+must begin with '/'. Clients belonging to
+.I NODEMAP
will be automatically
presented the corresponding
-.I fileset
-when mounting. This means these clients
-are doing an implicit subdirectory mount on the subdirectory represented by
-the defined
-.IR fileset .
-
+.I SUBDIRECTORY
+when mounting.
+This means these clients are doing an implicit subdirectory
+mount on the subdirectory represented by the defined
+.IR SUBDIRECTORY .
.SH OPTIONS
-.I nodemap
-is the name of the nodemap that this fileset should be associated with.
-
-.I fileset
-is the fileset to restrict the clients to. The fileset must begin with '/'.
-
+.TP
+.BI --name " NODEMAP"
+The name of the nodemap that this fileset should be associated with.
+.TP
+.BI --fileset " SUBDIRECTORY"
+The fileset to restrict the clients to. The fileset must begin with '/'.
.SH EXAMPLES
-.nf
-# lctl nodemap_set_fileset --name tenant1 --fileset '/dir1'
-# lctl nodemap_set_fileset --name admins --fileset ''
-.fi
-
+.EX
+.B # lctl nodemap_set_fileset --name tenant1 --fileset '/dir1'
+.B # lctl nodemap_set_fileset --name admins --fileset ''
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_set_fileset
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.9.0
+.\" Added in commit v2_8_53_0-63-g25420c75e4
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-del (8),
-.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-add-idmap (8),
+.BR lctl-nodemap-add-range (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-idmap (8),
+.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-modify (8)
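Review bot: The DESCRIPTION now uses two different placeholders for the same argument: the first reference was changed to FILESET ("adds FILESET to the specified NODEMAP") while the synopsis, the rest of the description and OPTIONS call it SUBDIRECTORY. Use one name throughout, since FILESET is never defined in the synopsis. The second example, --fileset '', contradicts the stated rule that the value "must begin with '/'"; a sentence explaining that an empty string clears the fileset restriction would make clear that this command removes the subdirectory confinement for the nodemap.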
-.TH LCTL-NODEMAP_SET_SEPOL 8 "2019-01-21" Lustre "configuration utilities"
+.TH LCTL-NODEMAP_SET_SEPOL 8 2024-08-14 Lustre "Lustre Configuration Utilities"
.SH NAME
lctl-nodemap_set_sepol \- set SELinux policy info on a nodemap
.SH SYNOPSIS
-.br
-.B lctl nodemap_set_sepol --name
-.RI < nodemap >
-.B --sepol
-.RI < sepol >
-.br
+.SY "lctl nodemap_set_sepol"
+.BI --name " NODEMAP"
+.BI --sepol " POLICY"
+.YS
.SH DESCRIPTION
.B nodemap_set_sepol
adds SELinux policy info as described by
-.I sepol
+.I POLICY
to the specified
-.IR nodemap .
+.IR NODEMAP .
The
-.I sepol
+.I POLICY
string describing the SELinux policy has the following syntax:
-
-<mode>:<name>:<version>:<hash>
-
+.EX
+.IR MODE : NAME : VERSION : HASH
where:
.RS 4
-- <mode> is a digit telling if SELinux is in Permissive mode (0) or Enforcing
-mode (1)
-
-- <name> is the name of the SELinux policy
-
-- <version> is the version of the SELinux policy
-
-- <hash> is the computed hash of the binary representation of the policy, as
-exported in /etc/selinux/<name>/policy/policy.<version>
+.TP 9
+.RI - MODE
+is a digit telling if SELinux is in Permissive mode (0) or Enforcing mode (1)
+.TP
+.RI - NAME
+is the name of the SELinux policy
+.TP
+.RI - VERSION
+is the version of the SELinux policy
+.TP
+.RI - HASH
+is the computed hash of the binary representation of the policy, as exported in
+.RI /etc/selinux/ NAME /policy/policy. VERSION
.RE
-
+.EE
+.P
The reference
-.I sepol
-string can be obtained on a client node known to enforce the right SELinux policy,
-by calling the l_getsepol command line utility.
-
+.I POLICY
+string can be obtained on a client node known to enforce
+the right SELinux policy, by calling the l_getsepol command line utility.
+.P
Clients belonging to
-.I nodemap
+.I NODEMAP
must enforce the SELinux policy described by
-.IR sepol ,
+.IR POLICY ,
otherwise they are denied access to the Lustre file system.
-
.SH OPTIONS
-.I nodemap
-is the name of the nodemap that this SELinux policy info should be associated
-with.
-
-.I sepol
-is the string describing the SELinux policy that clients must enforce. It has
-to conform to the syntax described above.
-
+.TP
+.BI --name " NODEMAP"
+The name of the nodemap that this SELinux policy info should be associated with.
+.TP
+.BI --sepol " POLICY"
+is the string describing the SELinux policy that clients must enforce.
+It has to conform to the syntax described above.
.SH EXAMPLES
-.nf
-# lctl nodemap_set_sepol --name restricted --sepol '1:mls:31:40afb76d077c441b69af58cccaaa2ca63641ed6e21b0a887dc21a684f508b78f'
-# lctl nodemap_set_sepol --name admins --sepol ''
-.fi
-
+.EX
+.B # lctl nodemap_set_sepol --name restricted --sepol \
+'1:mls:31:40afb76d077c441b69af58cccaaa2ca63641ed6e21b0a887dc21a684f508b78f'
+.B # lctl nodemap_set_sepol --name admins --sepol ''
+.EE
.SH AVAILABILITY
-.B lctl
+.B lctl nodemap_set_sepol
is part of the
-.BR Lustre (7)
-filesystem package.
+.BR lustre (7)
+filesystem package since release 2.13.0
+.\" Added in commit v2_12_50-89-g1f6cb3534e
.SH SEE ALSO
.BR lustre (7),
.BR lctl-nodemap-activate (8),
.BR lctl-nodemap-add (8),
-.BR lctl-nodemap-del (8),
-.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-add-idmap (8),
+.BR lctl-nodemap-add-range (8),
+.BR lctl-nodemap-del (8),
.BR lctl-nodemap-del-idmap (8),
+.BR lctl-nodemap-del-range (8),
.BR lctl-nodemap-modify (8)
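Review bot: In DESCRIPTION the .EX opened before the MODE:NAME:VERSION:HASH syntax line is not closed until after the .RE, so "where:" and the whole .TP list describing MODE, NAME, VERSION and HASH are rendered as example text rather than filled prose. Move the .EE to directly after the syntax line. Under OPTIONS, the --sepol entry still begins "is the string describing", while every other converted entry was reworded to start with "The"; make it consistent. As with the fileset page, the example --sepol '' would benefit from a sentence saying that an empty string removes the SELinux policy requirement for that nodemap.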