Re: [Gluster-devel] limiting client trust

gluster-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gluster-devel] limiting client trust

From:	Jeff Darcy
Subject:	Re: [Gluster-devel] limiting client trust
Date:	Wed, 08 Jun 2011 09:13:13 -0400
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100430 Fedora/3.0.4-2.fc11 Lightning/1.0b2pre Thunderbird/3.0.4

On 06/08/2011 08:25 AM, Emmanuel Dreyfus wrote:
> Hello
> 
> As far as I understand, a glusterfs server fully trusts the clients
> regarding uid/gid. It behaves just like NFS with -maproot=root.
> 
> It would beinteresting to have the ability to limit the trust. 
> For instance, one could say that 192.0.2/24 can only perform file
> operations with calling user uid range within 1000-2000.
> 
> I am ready to contribute a xlator for that.

As an alternative, might I suggest CloudFS? It's essentially a set of
GlusterFS translators, one of which not only limits client operations to
a specific UID/GID range but also dynamically maps between the client
and server UIDs based on the client machine's identity (which itself can
be determined in multiple ways including SSL authentication). In fact,
this translator was just merged up to the CloudFS master branch
yesterday, so now would be an excellent time for someone to try it and
provide feedback.

http://cloudfs.org/cloudfs-overview/
http://git.fedorahosted.org/git/?p=CloudFS.git

[Prev in Thread]

Current Thread

[Next in Thread]

[Gluster-devel] limiting client trust, Emmanuel Dreyfus, 2011/06/08
- Re: [Gluster-devel] limiting client trust, Jeff Darcy <=

Prev by Date: [Gluster-devel] limiting client trust
Next by Date: Re: [Gluster-devel] Suggestions
Previous by thread: [Gluster-devel] limiting client trust
Next by thread: Re: [Gluster-devel] [PATCH] Enable replica 1 mirror creation for mirrored volumes
Index(es):
- Date
- Thread