Brock Palen
2011-Dec-14 21:54 UTC
[Lustre-discuss] Setting lustre directory and content immutable but keep permissions
For a policy issue with scratch space we want to lock a users scratch space that lives on lustre 1.8.x. We want users to be able to grab their data but not be able to add any more, they also do not need to delete files. We could recursively remove write bit, problem is we at time may wish to restore write access to the files with the same permissions they had before so we wish to not change the permissions. We also don''t want to put the stress of a bunch of chmod''s on the MDS. So short is there a simple way to say ''directory and children not mutable'' that is undoable by an admin? Thanks! Brock Palen www.umich.edu/~brockp Center for Advanced Computing brockp at umich.edu (734)936-1985
Andreas Dilger
2011-Dec-14 23:18 UTC
[Lustre-discuss] Setting lustre directory and content immutable but keep permissions
On 2011-12-14, at 2:54 PM, Brock Palen wrote:> For a policy issue with scratch space we want to lock a users scratch space that lives on lustre 1.8.x. > > We want users to be able to grab their data but not be able to add any more, they also do not need to delete files. > > We could recursively remove write bit, problem is we at time may wish to restore write access to the files with the same permissions they had before so we wish to not change the permissions. We also don''t want to put the stress of a bunch of chmod''s on the MDS. > > So short is there a simple way to say ''directory and children not mutable'' that is undoable by an admin?Mount the filesystem read-only on the clients... Using: client# mount -o remount,ro /mnt/lustre will work on the mounted filesystems. It needs to be done on all of the clients, and the "ro" option could be put into the client /etc/fstab. It is also possible to actually mark files immutable with: client# chattr -R +I /mnt/lustre which needs to be done on only a single client, but it needs to walk the whole filesystem to do this. You could alternately mount the filesystem locally on the MDS and do it directly to the ext4 filesystem more quickly, but it would take the filesystem offline. Cheers, Andreas -- Andreas Dilger Principal Engineer Whamcloud, Inc.