[
https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tomek Rękawek updated OAK-7725:
-------------------------------
Attachment: OAK-7725-tests.patch
> Allow to have the users and groups created in the immutable part of the
> composite setup
> ---------------------------------------------------------------------------------------
>
> Key: OAK-7725
> URL: https://issues.apache.org/jira/browse/OAK-7725
> Project: Jackrabbit Oak
> Issue Type: Story
> Components: composite, security
> Reporter: Tomek Rękawek
> Assignee: Tomek Rękawek
> Priority: Major
> Fix For: 1.12
>
> Attachments: OAK-7725-tests.patch
>
>
> When running the Oak with Composite Node Store, the /home subtree is always
> stored in the mutable, global part. Therefore, even if we switch the
> immutable part (eg. /libs), the users and groups are not affected.
> This setup makes sense for the users and groups created interactively.
> However, we also have the service users, which usually are not created
> interactively, but are part of the application and therefore are related to
> the /libs part. For such users, it'd make sense to include them dynamically,
> together with the application, read-only mount.
> The proposal is to allow some part of the /home (eg. /home/service) to be
> mounted from the read-only partial node store. Let's consider the constraints
> we need to put in place (eg. it shouldn't be possible to have inter-mounts
> group memberships) and how we can implement this.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
