[gpfsug-discuss] Multicluster UID Mapping

Luke Raimbach luke.raimbach at oerc.ox.ac.uk
Mon Jul 14 08:26:11 BST 2014


Dear GPFS Experts,

I have two clusters, A and B, where cluster A owns file system GPFS and cluster B owns no file systems.

Cluster A is mixed Linux/Windows and has IMU keeping consistent UID/GID maps between the Windows and Linux environments, resulting in a very high ID range (typically both UID/GID starting at 850000000).

Cluster B remote mounts file system GPFS with UID/GID=0 remapped to 99. This is fine for preventing remote root access to file system GPFS. However, cluster B may have untrusted users who have root privileges on that cluster from time to time. Cluster B is "part-managed" by the admin on cluster A, who only provides tools for maintaining a consistent UID space with cluster A.

In this scenario, what can be done to prevent untrusted root-privileged users on cluster B from creating local users with a UID matching one in cluster A and thus reading their data?

Ideally, I want to remap all remote UIDs *except* a small subset which I might trust. Any thoughts?

Cheers,
Luke.

--

Luke Raimbach
IT Manager
Oxford e-Research Centre
7 Keble Road,
Oxford,
OX1 3QG

+44(0)1865 610639



