[Gluster-devel] Fuse Subdirectory mounts, access-control
Pranith Kumar Karampuri
pkarampu at redhat.com
Thu Mar 3 07:15:52 UTC 2016
Hi,
This mail explains the initial design about how this will happen.
Administrators are going to create a directory on the volume with normal
fuse-mount(Or any other mounts) let's call it 'subdir1'.
Administrator will create auth-allow/reject options with the
ip/addresses he chooses to grant the access-control to given set of
machines.
Mount command is executed for the volume 'vol', for subdirectory
'subdir1' with the following command:
mount -t glusterfs server1:/vol/subdir1 /mnt
When this command is executed, volfile is requested with volfile-id
'/vol/subdir1'
Glusterd on seeing this volfile-id will generate the client xlator with
remote-subvolume appending '/subdir1'
When graph initialization on fuse mount happens, client xlator sends
setvolume with the remote-subvolume which has extra '/subdir1' at the
end. Server xlator will do the access-control checks based on if this ip
has access for the subdir1 based on the configuration. If setvolume is
successful, server xlator sends gfid of the '/subdir1' in the response
for setvolume. Client xlator sends this in CHILD_UP notification. Fuse
mount sets this gfid as root_gfid and does a resolution by sending
lookup fop.
Some of the things we are not clear about:
1) Should acls be set based on paths/gfids of the directories?
2) If answer to 1) is based on paths, what should happen if the
directories are renamed?
Pranith & Kaushal
More information about the Gluster-devel
mailing list