Hi all,

we have a use case where we automatically set up an NFS export, including a corresponding Filesystem primitive. The file system is replicated via DRBD, and we have another tool which makes the `mkfs` call when creating the DRBD resource. Since this export is only used for anonymous access, we are using the "all_squash" option on the NFS server.

The problem we are now facing is that the top level directory of the newly created filesystem will be owned by "root", but we need it to be owned by "nobody" so that the anonymous access via "all_squash" works.

We were wondering if there is interest in (or at least no strong opposition to) an option on the Filesystem resource agent which does exactly that: chown the top level directory to "nobody" iff it is empty and owned by root. So basically, something like setting the "initial owner" of the file system.


(Side note: your impulsive reaction may be to tell us to just do the chown wherever we create the file system, so let me explain our reasoning why we want to avoid that. This "other tool" is LINSTOR[0], which is – for the sake of this argument – essentially a configuration generator/manager for DRBD resources. The fact that we create the file system there is already kind of a hack. We justified it by thinking of the "mkfs" as part of the process of creating a DRBD resource. Mounting the file system, chowning the TLD and unmounting it again would be even worse, and hardly fits the definition of "creating a resource" anymore. So, in short, we think it would be less complex to do this within the Filesystem resource agent, where the file system is already being mounted.)


I agree that this may seem too specific of a use case, but we think that such an option could be a benefit in some cases. Maybe there is even an application beyond all_squash NFS exports that we are not thinking of.

Lars Ellenberg kindly volunteered to implement such an option if there is no disapproval.

Anyways, I'm looking forward to hearing your opinion on this.

[0] https://github.com/LINBIT/linstor-server

--
Christoph Böhmwalder
LINBIT | Keeping the Digital World Running
DRBD HA —  Disaster Recovery — Software defined Storage
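
The guard proposed in the message above ("chown the top level directory iff it is empty and owned by root") could look like the following sketch. It is an added example, not code from the Filesystem resource agent or from the poster. The function names, the optional `from_uid` parameter, and the decision to treat a lone `lost+found` (which mkfs creates on ext file systems) as "empty" are assumptions.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical.
# Requires GNU stat and find (Linux cluster nodes).

# Succeeds only if DIR is a real directory (not a symlink), is owned by
# FROM_UID (default 0 = root), and contains nothing except an optional
# lost+found. Any other state means the file system is already in use.
needs_initial_owner() {
    dir=$1
    from_uid=${2:-0}
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    [ "$(stat -c %u "$dir")" = "$from_uid" ] || return 1
    entries=$(find "$dir" -mindepth 1 -maxdepth 1 \
                   ! -name 'lost+found' -print -quit)
    [ -z "$entries" ]
}

# Change ownership of the top-level directory only, never recursively,
# and only when the guard above holds. Doing nothing is a success, so a
# populated or already-chowned file system is left untouched on every
# later start.
set_initial_owner() {
    dir=$1
    owner=$2
    from_uid=${3:-0}
    if needs_initial_owner "$dir" "$from_uid"; then
        # -h: act on the path itself, do not dereference a symlink
        chown -h "$owner" "$dir"
        return $?
    fi
    return 0
}

# Example call after a successful mount (constructed path):
#   set_initial_owner /srv/export nobody
```

Because the guard fails once the directory has another owner or any content, the call is idempotent and cannot take ownership away from data that an administrator placed on the file system.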