Project

General

Profile

Feature #10679

Add support for the chattr +i command (immutable file)

Added by Eric Eastman about 9 years ago. Updated 8 months ago.

Status:
New
Priority:
Normal
Category:
Correctness/Safety
Target version:
% Done:

0%

Source:
Community (user)
Tags:
Backport:
reef,quincy
Reviewed:
Affected Versions:
Component(FS):
MDS
Labels (FS):
task(intern), task(medium)
Pull request ID:

Description

To add an additional layer of protection for files I would like to see
support for the chattr +i command added for files stored in cephfs

Multiple emails were posted to the ceph mail list on this subject including:

http://article.gmane.org/gmane.comp.file-systems.ceph.user/16836
http://article.gmane.org/gmane.comp.file-systems.ceph.user/16848
http://article.gmane.org/gmane.comp.file-systems.ceph.user/16856
http://article.gmane.org/gmane.comp.file-systems.ceph.user/16861

Of the suggestions made on the mail list, I like Sage's where he states:

It seems like we should be checking S_IMMUTABLE in the MDS and,
when set, refusing to issue write caps.

Which I think is better then just trusting the clients to do the
checking.

History

#1 Updated by Greg Farnum almost 8 years ago

  • Category set to Correctness/Safety

#2 Updated by Greg Farnum over 7 years ago

  • Subject changed from Add support for the chattr +i command to Add support for the chattr +i command (immutable file)

#3 Updated by Ronny Aasen about 3 years ago

With todays climate of malware and cryptolockers, being able to protect files with immutable bit have increased in importance. many backup solutions implement immutable to lock the files for the retention periode, even from the service-user running the backup.

#4 Updated by Patrick Donnelly about 3 years ago

  • Component(FS) MDS added
  • Labels (FS) task(intern), task(medium) added

#5 Updated by Ramana Raja about 3 years ago

  • Assignee set to Ramana Raja

#6 Updated by Patrick Donnelly almost 3 years ago

  • Status changed from New to In Progress
  • Target version set to v17.0.0

#7 Updated by Patrick Donnelly over 1 year ago

  • Target version deleted (v17.0.0)

#8 Updated by Patrick Donnelly 8 months ago

  • Status changed from In Progress to New
  • Assignee deleted (Ramana Raja)
  • Target version set to v19.0.0
  • Backport set to reef,quincy

#9 Updated by Milind Changire 8 months ago

  • Assignee set to Milind Changire

I'm claiming this ticket.

Also available in: Atom PDF