Interesting. I thought cephfs could be a replacement for an nfs server for holding home directories, but not have a single point of failure. I'm surprised that is generally frowned upon by the comments.

From: John Spray <jspray@xxxxxxxxxx>
Sent: Friday, February 10, 2017 4:21 AM
To: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
Cc: ceph-users@xxxxxxxxxxxxxx
Subject: Re: CephFS root squash?

On Fri, Feb 10, 2017 at 8:02 AM, Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx> wrote:
> On 09.02.2017 20:11, Jim Kilborn wrote:
>
>> I am trying to figure out how to allow my users to have sudo on their workstation, but not have that root access to the ceph kernel mounted volume.
>
> I do not think that CephFS is meant to be mounted on human users'
> workstations.

We'd all like to avoid squishy human users if possible but sometimes it's unavoidable :-D

My feeling is that cephfs should be mounted natively only on trusted, "tightly coupled" systems, whose availability is comparable to that of the servers. So on a typical user laptop would be a bad idea, but on a big visualization workstation might be OK, or on the always-on identical desktops in a single CAD/CGI/EDA team might be okay too.

Slow/naughty clients generally only cause pain to other clients in the same filesystem, so if you do have some files accessible to workstations it might also be prudent to segregate them in a separate filesystem (currently no cephX way of enforcing that, but if you basically trust the workstations and just want to isolate them in case of bugs/outages, it's okay).

John

>
> Regards
> --
> Robert Sander
> Heinlein Support GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> http://www.heinlein-support.de
>
> Tel: 030 / 405051-43
> Fax: 030 / 405051-19
>
> Mandatory disclosures per §35a GmbHG:
> HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> Managing Director: Peer Heinlein -- Registered office: Berlin
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com