On 06/08/2011 08:25 AM, Emmanuel Dreyfus wrote: > Hello > > As far as I understand, a glusterfs server fully trusts the clients > regarding uid/gid. It behaves just like NFS with -maproot=root. > > It would beinteresting to have the ability to limit the trust. > For instance, one could say that 192.0.2/24 can only perform file > operations with calling user uid range within 1000-2000. > > I am ready to contribute a xlator for that. As an alternative, might I suggest CloudFS? It's essentially a set of GlusterFS translators, one of which not only limits client operations to a specific UID/GID range but also dynamically maps between the client and server UIDs based on the client machine's identity (which itself can be determined in multiple ways including SSL authentication). In fact, this translator was just merged up to the CloudFS master branch yesterday, so now would be an excellent time for someone to try it and provide feedback. http://cloudfs.org/cloudfs-overview/ http://git.fedorahosted.org/git/?p=CloudFS.git
