[gpfsug-discuss] Multicluster UID Mapping

Luke Raimbach luke.raimbach at oerc.ox.ac.uk
Mon Jul 14 08:26:11 BST 2014

Dear GPFS Experts,

I have two clusters, A and B where cluster A owns file system GPFS and cluster B owns no file systems.

Cluster A is mixed Linux/Windows and has IMU keeping consistent UID/GID maps between Windows and Linux environment resulting in a very high ID range (typically both UID/GID starting at 850000000)

Cluster B remote mounts file system GPFS with UID/GID=0 remapped to 99. This is fine for preventing remote root access to file system GPFS. However, cluster B may have untrusted users who have root privileges on that cluster from time-to-time. Cluster B is "part-managed" by the admin on cluster A, who only provides tools for maintaining a consistent UID space with cluster A.

In this scenario, what can be done to prevent untrusted root-privileged users on cluster B from creating local users with a UID matching one in cluster A and thus reading their data?

Ideally, I want to remap all remote UIDs *except* a small subset which I might trust. Any thoughts?



Luke Raimbach
IT Manager
Oxford e-Research Centre
7 Keble Road,

+44(0)1865 610639

More information about the gpfsug-discuss mailing list