On April 16, 2020 11:43:03 AM GMT+03:00, Petr Certik <petr at certik.cz>
wrote:>Hi everyone,
>
>new user here. I can't seem to figure out how to properly manage
>access control. Specifically, I have a gluster volume mounted on
>several servers, all of which have a `www-data` user (with potentially
>different uid on every one of them) which works with the data. Is
>there a way to "translate" the uid on the files locally to the uid
of
>the local user, and then back again on write? Or do I have to use
>POSIX ACL and `setfacl -Rm u:www-data:rwX,d:u:www-data:rwX
>/mnt/gluster/`?
>
>And a follow-up question -- that recursive setfacl command seems to
>make glusterfsd run out of memory soon, when I run it on a ~1TB mount
>with lots of small files. Is there a way to make it run smoothly, even
>if slowly? I'd rather not write a script myself to make it run in
>batches, as that could mean I could miss new files that were added in
>the meantime.
>
>Thanks for any suggestions,
>Petr
>________
>
>
>
>Community Meeting Calendar:
>
>Schedule -
>Every 2nd and 4th Tuesday at 14:30 IST / 09:00 UTC
>Bridge: https://bluejeans.com/441850968
>
>Gluster-users mailing list
>Gluster-users at gluster.org
>https://lists.gluster.org/mailman/listinfo/gluster-users
That problem is same for NFS & CIFS.
Sadly, I don't see mount options to set uid/gid .
I guess you need to either set the same uid for your user , or to use ACLs
(maybe with a find -exec ).
Still you got the option for '0777' , but then security will be just a
word.
I think the first one is easier to implement.
Best Regards,
Strahil Nikolov