Project

General

Profile

Feature #42451

mds: add root_squash

Added by Patrick Donnelly 9 months ago. Updated 23 days ago.

Status:
New
Priority:
Urgent
Assignee:
Category:
Administration/Usability
Target version:
% Done:

0%

Source:
Community (user)
Tags:
Backport:
octopus
Reviewed:
Affected Versions:
Component(FS):
Common/Protocol
Labels (FS):
Pull request ID:

Description

Allow a root squash mode via the MDS capability. The purpose here is not so much to prevent a true adversary (the client always send a request as the appropriate uid/gid), but instead to prevent an accidental command like, say, rm -r $PTAH/ (where $PATH is presumably something real but $PTAH is not).

"CERN was asking for something even simpler: allow hosts to mount and interact as any user, except prevent root. The specific use-case is to avoid an accidental 'sudo rm -rf ...'.

I think this would take the form of a flag on the normal grant object where root_squash=true. Requests with any uid != 0 would be permitted, but uid == 0 denied. Obviously a malicious user could simply delete each file as the uid the file is owned by, but the purpose of the flag is avoiding user error, not security."

History

#1 Updated by Patrick Donnelly 9 months ago

  • Assignee set to Ramana Raja

#2 Updated by Patrick Donnelly 6 months ago

  • Target version deleted (v15.0.0)

#3 Updated by Patrick Donnelly 23 days ago

  • Category set to Administration/Usability
  • Priority changed from High to Urgent
  • Target version set to v16.0.0
  • Backport set to octopus

Also available in: Atom PDF