[Ocfs2-users] howto achieve inter-node file permissions / workarounds

Herbert van den Bergh herbert.van.den.bergh at oracle.com
Fri Feb 4 13:22:36 PST 2011


If you are sharing the block device that contains the OCFS2 filesystem
with all VMs, and the end user you want to restrict can get root
privileges in the VM (with or without your permission), then all bets
are off.  They will have access to the entire device.

Thanks,
Herbert.


On 2/4/11 12:44 PM, Petr Vacek wrote:
> Greetings,
> I would like to know if there is a possibility to deny / obscure access
> into some directory within ocfs2 for specific nodes - or allow just
> specific nodes.
> I am using ocfs2 shared storage among Xen VMs (because its performance
> is better than NFS with our hardware), but then root of each VM has
> absolute access to the whole ocfs2 filesystem - which I would like to
> limit this at least a little bit.
> I know that the root of node has access to a raw block device so it
> cannot be done down to all levels, but if the mounted filesystem would
> respect some limits for a local root
> that would be very fine for me.
>
> Is this doable, and if it is easy, which utility/command would allow that?
>
> If not, should a simple kernel module/patch limiting access to specific
> UID/GIDs for all users including root do the trick? (I am thinking that
> if such module does not exist, I can get it made and then map
> node-specific directories into these uid/gids, so they will be
> accessible only from a single node, if that's viable ...)
>
> Thanks for any hints or tips in advance
>
> Regards
> Petr Vacek