[Gluster-devel] limiting client trust

Jeff Darcy jdarcy at redhat.com
Wed Jun 8 13:13:13 UTC 2011


On 06/08/2011 08:25 AM, Emmanuel Dreyfus wrote:
> Hello
> 
> As far as I understand, a glusterfs server fully trusts the clients
> regarding uid/gid. It behaves just like NFS with -maproot=root.
> 
> It would be interesting to have the ability to limit the trust.
> For instance, one could say that 192.0.2/24 can only perform file
> operations with calling user uid range within 1000-2000.
> 
> I am ready to contribute a xlator for that.

As an alternative, might I suggest CloudFS? It's essentially a set of
GlusterFS translators, one of which not only limits client operations to
a specific UID/GID range but also dynamically maps between the client
and server UIDs based on the client machine's identity (which itself can
be determined in multiple ways including SSL authentication). In fact,
this translator was just merged up to the CloudFS master branch
yesterday, so now would be an excellent time for someone to try it and
provide feedback.

http://cloudfs.org/cloudfs-overview/
http://git.fedorahosted.org/git/?p=CloudFS.git
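
The restriction discussed in this thread (a client network limited to a UID range, with client UIDs mapped to distinct server UIDs), sketched as an added example that is not part of the original message and is not CloudFS or GlusterFS code. The rule table, the second network, the server-side base values and the function name `map_client_uid` are assumptions, and the client is identified only by its IPv4 source address.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* One rule per client network. All values are constructed for illustration. */
struct uid_rule {
    const char *net;     /* network address */
    int         prefix;  /* prefix length */
    uint32_t    lo, hi;  /* UIDs the client may present (inclusive) */
    uint32_t    base;    /* server-side UID that client UID `lo` maps to */
};

static const struct uid_rule rules[] = {
    { "192.0.2.0",    24, 1000, 2000, 101000 },
    { "198.51.100.0", 24, 1000, 2000, 201000 },
};

/* Return the server-side UID, or -1 to deny. Every failure path denies. */
long long map_client_uid(const char *client_ip, uint32_t client_uid)
{
    struct in_addr a, n;
    if (inet_pton(AF_INET, client_ip, &a) != 1)
        return -1;                      /* unparsable peer address */
    uint32_t addr = ntohl(a.s_addr);

    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct uid_rule *r = &rules[i];
        if (inet_pton(AF_INET, r->net, &n) != 1)
            continue;
        uint32_t mask = r->prefix ? ~0u << (32 - r->prefix) : 0;
        if ((addr & mask) != (ntohl(n.s_addr) & mask))
            continue;
        if (client_uid < r->lo || client_uid > r->hi)
            return -1;                  /* covers uid 0: no client-asserted root */
        return (long long)r->base + (client_uid - r->lo);
    }
    return -1;                          /* no rule for this client */
}

int main(void)
{
    printf("192.0.2.17   uid 1500 -> %lld\n", map_client_uid("192.0.2.17", 1500));
    printf("198.51.100.9 uid 1500 -> %lld\n", map_client_uid("198.51.100.9", 1500));
    printf("192.0.2.17   uid 0    -> %lld\n", map_client_uid("192.0.2.17", 0));
    return 0;
}
```

The same client UID from two networks lands on two different server UIDs, so one client cannot reach another's files by asserting a matching UID.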




