[Gluster-devel] [Gluster-users] User-serviceable snapshots design
Anand Avati
avati at gluster.org
Thu May 8 19:35:17 UTC 2014
On Thu, May 8, 2014 at 12:20 PM, Jeff Darcy <jdarcy at redhat.com> wrote:
> > They were: a) snap view generation requires privileged ops to
> > glusterd. So moving this task to the server side solves a lot of those
> > challenges.
>
> Not really. A server-side component issuing privileged requests
> whenever a client asks it to is no more secure than a client-side
> component issuing them directly.
client cannot ask the server side component to do any privileged requests
on its behalf. If it has the right to connect to the volume, then it can
issue a readdir() request and get served with whatever is served to it. If
it presents an unknown filehandle, snap-view-server returns ESTALE.
> There needs to be some sort of
> authentication and authorization at the glusterd level (the only place
> these all converge). This is a more general problem that we've had with
> glusterd for a long time. If security is a sincere concern for USS,
> shouldn't we address it by trying to move the general solution forward?
>
The goal was to not make the security problem harder or worse. With this
design the privileged operation is still contained within the server side.
If clients were to issue RPCs to glusterd (to get list of snaps, their
volfiles etc.), it would have been a challenge for the general glusterd
security problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-devel/attachments/20140508/6ac4ee4a/attachment-0002.html>
More information about the Gluster-devel
mailing list