Re: Protecting Files in CephFS from accidental deletion or encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 20/12/2022 03:15, Stefan Kooman wrote:
On 12/19/22 18:36, Ramana Krisna Venkatesh Raja wrote:
On Mon, Dec 19, 2022 at 12:20 PM Ramana Krisna Venkatesh Raja
<rraja@xxxxxxxxxx> wrote:

On Mon, Dec 19, 2022 at 11:14 AM Stefan Kooman <stefan@xxxxxx> wrote:

On 12/19/22 16:46, Christoph Adomeit wrote:
Hi,

we are planning an archive with cephfs containing 2 Petabytes of Data
on 200 slow S-ATA Disks on a single cephfs with 150 subdirectories. The Disks
will be around 80% full (570 TB of Data, 3-way replication).

Since this is an archive most of the data will be written once and read only sometimes. Deletions are very seldom. Changes of the filesystem in general
are not very often.

The cephfs is exported via samba.

Now I am thinking about how we can protect the data from accidental deletion
or from malicious deletion from people knowing the login data.

Also protection from administrator errors might be a good idea, imagine an
admin on shell running an  rsync --delete /usbdisk/ /cephfs/

This might help when using kernel cephfs mounts:

https://docs.ceph.com/en/latest/cephfs/client-auth/#root-squash

The "root-squash" feature currently doesn't work as expected,
https://tracker.ceph.com/issues/56067 . So you wouldn't want to use it
until the bug is fixed.


There are two ceph PRs to fix this:

https://github.com/ceph/ceph/pull/48027

https://github.com/ceph/ceph/pull/47506

Maybe it's better to remove the "root-squash" section from the docs
until the feature is fixed, or include a warning in the docs that the
feature doesn't work?

A warning message seems appropriate here.

Yeah, a warning message sounds better.

- Xiubo


Gr. Stefan
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx


_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux