Re: [lustre-discuss] Disable identity_upcall and ACL

2019-01-15 Thread Degremont, Aurelien
Thanks for the clarifications. Aurélien On 14/01/2019 01:36, "Andreas Dilger" wrote: On Jan 10, 2019, at 04:52, Degremont, Aurelien wrote: > > > On 09/01/2019 21:39, "Andreas Dilger" wrote: > >> If admins completely trust the client nodes (e.g. they are o

Re: [lustre-discuss] Disable identity_upcall and ACL

2019-01-13 Thread Andreas Dilger
On Jan 10, 2019, at 04:52, Degremont, Aurelien wrote: > > > On 09/01/2019 21:39, "Andreas Dilger" wrote: > >> If admins completely trust the client nodes (e.g. they are on a secure >> network) or they completely _distrust_ them (e.g. subdirectory mounts >> with nodemaps/idmaps and Kerber

Re: [lustre-discuss] Disable identity_upcall and ACL

2019-01-10 Thread Degremont, Aurelien
On 09/01/2019 21:39, "Andreas Dilger" wrote: If admins completely trust the client nodes (e.g. they are on a secure network) or they completely _distrust_ them (e.g. subdirectory mounts with nodemaps/idmaps and Kerberos/SSK to identify them), or the data just isn't that

Re: [lustre-discuss] Disable identity_upcall and ACL

2019-01-09 Thread Andreas Dilger
On Jan 9, 2019, at 07:52, Daniel Kobras wrote: > > Hi Aurélien! > > On 09.01.19 at 14:30, Degremont, Aurelien wrote: >> The secondary group thing was ok to me. I got this idea even if there are >> some weird results during my tests. Looks like you can overwrite MDT checks >> if user and group

Re: [lustre-discuss] Disable identity_upcall and ACL

2019-01-09 Thread Daniel Kobras
Hi Aurélien! On 09.01.19 at 14:30, Degremont, Aurelien wrote: > The secondary group thing was ok to me. I got this idea even if there are some > weird results during my tests. Looks like you can overwrite MDT checks if > user and group are properly defined on client node. Cache effects? In a tal

Re: [lustre-discuss] Disable identity_upcall and ACL

2019-01-09 Thread Degremont, Aurelien
After most tests, when identity_upcall is set to NONE, it looks like only ACL using secondary groups are not satisfied. If secondary groups are properly defined on clients, accesses are granted as expected. Aurélien Le 09/01/2019 14:31, « lustre-discuss au nom de Degremont, Aurelien » a écr

Re: [lustre-discuss] Disable identity_upcall and ACL

2019-01-09 Thread Degremont, Aurelien
Hi Daniel! The secondary group thing was ok to me. I got this idea even if there are some weird results during my tests. Looks like you can overwrite MDT checks if user and group are properly defined on client node. Cache effects? ACL is really the thing I was interested in. Who is validating the

Re: [lustre-discuss] Disable identity_upcall and ACL

2019-01-09 Thread Daniel Kobras
Hi Aurélien! On 09.01.19 at 11:48, Degremont, Aurelien wrote: > When disabling identity_upcall on a MDT, you get this message in system > logs: > >   lustre-MDT: disable "identity_upcall" with ACL enabled maybe cause > unexpected "EACCESS" > > I’m trying to understand what could be a scenar

[lustre-discuss] Disable identity_upcall and ACL

2019-01-09 Thread Degremont, Aurelien
Hello all, When disabling identity_upcall on a MDT, you get this message in system logs: lustre-MDT: disable "identity_upcall" with ACL enabled maybe cause unexpected "EACCESS" I’m trying to understand what could be a scenario that shows this problem? What is the implication, or rather, h