qing
2012-Apr-12 15:55 UTC
[Lustre-discuss] Is there possibility to protect lustre servers from lustre clients?
Dear Lustre experts: As far as I know, Lustre can not distinguish between machines. All machines that access the system has complete access to administrative commands. The superuser in any machine has complete control over the whole file system, and any misuse, intended or accidental might cause server damage. But I still want to know if there is possibility to protect the lustre servers from lustre clients? If yes, how? Cheers,Gang
David Vasil
2012-Apr-16 15:34 UTC
[Lustre-discuss] Is there possibility to protect lustre servers from lustre clients?
Gang, You could use root_squash to restrict which client nodes have full root access: http://build.whamcloud.com/job/lustre-manual/lastSuccessfulBuild/artifact/lustre_manual.html#dbdoclet.50438221_64726 _____ David Vasil DataDirect Networks On 04/12/2012 10:55 AM, qing wrote:> Dear Lustre experts: > > As far as I know, Lustre can not distinguish between machines. All machines that access the system has complete access to administrative commands. The > superuser in any machine has complete control over the whole file system, and any misuse, intended or accidental might cause server damage. But I still want to know if there is possibility to protect the lustre servers from lustre clients? If yes, how? > > Cheers,Gang > > _______________________________________________ > Lustre-discuss mailing list > Lustre-discuss at lists.lustre.org > http://lists.lustre.org/mailman/listinfo/lustre-discuss
WANG Lu
2012-Apr-19 13:10 UTC
[Lustre-discuss] Is there possibility to protect lustre servers from lustre clients?
Hi Gang, Lustre provides root squash, you can map root account to a different nid:gid so that root on client can not destroy any data belongs to users. See more detailes at: http://wiki.lustre.org/manual/LustreManual18_HTML/LustreSecurity.html#50651270_64726 Cheers, Lu ?2012-04-12 23:55:41,WANG Lu<wanglu at ihep.ac.cn>???> Dear Lustre experts: > > As far as I know, Lustre can not distinguish between machines. All machines that access the system has complete access to administrative commands. The > superuser in any machine has complete control over the whole file system, and any misuse, intended or accidental might cause server damage. But I still want to know if there is possibility to protect the lustre servers from lustre clients? If yes, how? > > Cheers,Gang > > _______________________________________________ > Lustre-discuss mailing list > Lustre-discuss at lists.lustre.org > http://lists.lustre.org/mailman/listinfo/lustre-discuss