Bug #24284
closed
cephfs: allow prohibiting user snapshots in CephFS
Added by Patrick Donnelly almost 6 years ago.
Updated almost 6 years ago.
Category:
Administration/Usability
Component(FS):
Client, MDS, kceph
Description
Since snapshots can be used to circumvent (accidentally or not) the quotas as snapshot file data that has since been modified or deleted does not count towards the quota.
(This may already be implemented?)
Alternatively, we could also just start counting the snapshot data but this seems non-trivial?
change default of mds_snap_max_uid to 0
Zheng Yan wrote:
change default of mds_snap_max_uid to 0
Okay, but we should enforce that as a file system option (`ceph fs set`) so it's consistently enforced by all MDS and visible to clients.
We should actually discuss what kind of interface admins want. Dan van der Ster certainly has thoughts; others might as well.
eg an "fs set" max uid is better than nothing, but they might prefer it be set for subtrees similarly to layouts? So a privileged user can grant permission to an unprivileged user to snapshot their directory on a case-by-case basis or something.
maybe we can use 'auth string'
change default of mds_snap_max_uid to 0
Use-cases such as Manila let the users mount with root so this will be ineffective.
My humble opinion about this topic is to document the behaviour (limitation) until incremental snapshot usage can be accounted properly by the quota.
We can document that "quota" refers to space used by current head, and e.g. "snapquota" is a snapshot aware quota still to be developed...
- Status changed from New to Fix Under Review
- Status changed from Fix Under Review to Pending Backport
- Copied to Backport #24705: mimic: cephfs: allow prohibiting user snapshots in CephFS added
- Status changed from Pending Backport to Resolved
Also available in: Atom
PDF