Fuse Subdirectory mounts, access-control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
      This mail explains the initial design about how this will happen.

Administrators are going to create a directory on the volume with normal fuse-mount(Or any other mounts) let's call it 'subdir1'. Administrator will create auth-allow/reject options with the ip/addresses he chooses to grant the access-control to given set of machines. Mount command is executed for the volume 'vol', for subdirectory 'subdir1' with the following command:
mount -t glusterfs server1:/vol/subdir1 /mnt

When this command is executed, volfile is requested with volfile-id '/vol/subdir1' Glusterd on seeing this volfile-id will generate the client xlator with remote-subvolume appending '/subdir1'

When graph initialization on fuse mount happens, client xlator sends setvolume with the remote-subvolume which has extra '/subdir1' at the end. Server xlator will do the access-control checks based on if this ip has access for the subdir1 based on the configuration. If setvolume is successful, server xlator sends gfid of the '/subdir1' in the response for setvolume. Client xlator sends this in CHILD_UP notification. Fuse mount sets this gfid as root_gfid and does a resolution by sending lookup fop.

Some of the things we are not clear about:
1) Should acls be set based on paths/gfids of the directories?
2) If answer to 1) is based on paths, what should happen if the directories are renamed?

Pranith & Kaushal
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-devel



[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux