Upload File

richacl & glusterfs

Download RichACL & GlusterFS

If you can't read please download the document

Upload: rajesh-joseph

Post on 15-Aug-2015

147 views

Category:

Software


1 download

Report

TRANSCRIPT

  1. 1. RichACL & Gluster Rajesh Joseph GlusterFS Dev Team
  2. 2. 05/22/15 AGENDA Unix Permission Model POSIX. 1e ACL Windows ACL NFSv4 ACL RichACL Gluster & RichACL Q&A
  3. 3. 05/22/15 Unix Permission Model Standardized in POSIX. 1 Permissions based on three classes: User Group Others Read (r), Write (w) and execute (x) permission bits Separate namespaces for UIDs and GIDs
  4. 4. 05/22/15 POSIX.1e ACL More flexible ACL is variable length list of ACEs (Access Control Entries) Types of ACL entries Owner (user::rwx) Named User (user::rwx) Owning Group (group::rwx) Named Group (group::rwx) Mask (mask::rwx) Others (other::rwx)
  5. 5. 05/22/15 POSIX.1e ACL Only ALLOW mode with three permission bits Read (r) Write (w) Execute (x) Minimal ACL Extended ACL
  6. 6. POSIX.1e ACL r w - r - - - - - O w ner C lass O ther C lass G roup C lass Minimal Acess Control List User::rw- Other::r-- Group::r--
  7. 7. POSIX.1e ACL r w - r w - - - - O w ner C lass O ther C lass G roup C lass Extended Acess Control List User::rw- Group::r-- User:joe:rw- Other::--- mask::rw-
  8. 8. 05/22/15 POSIX.1e ACL Directories have another ACL Default ACL Looks similar to normal ACL Not user for enforcing Effects of Default ACL A subdirectory inherits the default ACLs of the parent directory both as its default ACLs and as an access ACLs A file inherits the default ACLs as its access ACLs.
  9. 9. 05/22/15 Windows ACL Two types of ACL Discretionary Access Control List (DACL) System Access Control List (SACL) Users, groups identified by Security Identifiers (SID) Users and groups share the same namespace Three types of ACE (Access Control Entries) Access Allowed (ALLOW) Access Denied (DENY) System Audit (AUDIT)
  10. 10. 05/22/15 Windows ACL Lot of more granular control Change permissions Take ownership Traverse folders / Execute files List folders / Read data Read attributes Read extended attributes Read permissions
  11. 11. 05/22/15 Windows ACL Lot of more granular control Create files / Write data Create folders / Append data Write attributes Write extended attributes Delete sub-folders and files Delete Syncronize
  12. 12. 05/22/15 Windows ACL ACL order matters Each ACE is associated with a SID Special SIDs Everyone, FileCreators, etc. Each ACE has flags which tells inheritance rules OBJECT_INHERIT_ACE files inherit ACE CONTAINER_INHERIT_ACE folders inherit ACE INHERIT_ONLY_ACE User only for inheritance INHERITED_ACE All inherited ACE will have this flag
  13. 13. 05/22/15 NFSv4 ACL Based on Windws ACL Same permissions bits as Windows Plus two in NFSv4.1 Similar ACE types to Windows: ALLOW DENY AUDIT ALARM
  14. 14. 05/22/15 NFSv4 ACL Users, groups identified by principals. A principal is either Named user (e.g. [email protected]) Group Special principals OWNER@ GROUP@ EVERYONE@ Use ACE flags similar to Windows
  15. 15. 05/22/15 RichACL Similar to NFSv4 ACL Users, groups identified by Unix numerical IDs. ACE order is important Same 14 permission bits as NFsv4 Supports same three file class as POSIX.1 owner group others
  16. 16. 05/22/15 RichACL Each file class is associated with a file mask (16b) for each RichACL permission Each mask is an upper bound on granted permissions for its class RichACL supports EVERYONE@ instead of OTHER class
  17. 17. 05/22/15 GlusterFS ACL Gluster supports POSIX ACL Implemented as a translator ACLs are stored in back-end file-system using EA (Extended attributes) To support POSIX ACL, the volume must be mounted with acl option mounttglusterfsoacl
  18. 18. 05/22/15 GlusterFS & RichACL Gluster supports multiple access protocols - Fuse, NFS, SMB. All three access protocols uses different ACLs POSIX.1e cannot represent NFSv4 and SMB (Windows) ACL because of its limited set of permission bits. RichACL is one step closer towards multi-protocol access.
  19. 19. 05/22/15 GlusterFS & RichACL Challenges and/or design considerations Gluster can support either POSIX.1e ACL or RichACL, but not both File-system migration needed to convert existing ACL to RichACL Once converted to RichACL the file-system cannot be converted back to POSIX.1e ACL without information loss. RichACL Enforcement logic should go in Gluster to support underlying file-system which does not support RichACL. Limited size of extended attributes (EA)
  20. 20. 05/22/15 References http://www.bestbits.at/richacl/ http://www.fmeh.org/ols-2010-implementing-richacl-paper.pdf https://github.com/andreas-gruenbacher/richacl/
  21. 21. 05/22/15 Q & A

GlusterFS and RHS for SysAdmins - Red Hatpeople.redhat.com/ndevos/talks/fisl15/gluster_for_sysadmins... · GlusterFS: ... Gluster Red Hat Storage ... GlusterFS and RHS for SysAdmins

Glusterfs geo-replication

GlusterFS / CTDB Integration · GlusterFS / CTDB Integration v1.0 2013.05.14 Etsuji Nakai Senior Solution Architect ... GlusterFS interconnect, access to the lock volume is not guaranteed

GlusterFS at OSUOSL

Clusters With Glusterfs

Glusterfs 소개 v1.0_난공불락세미나

GlusterFS - raspodijeljeni podatkovni sustav

Integrating GlusterFS & supporting storage array offloads ...resources.ovirt.org/old-site-files/wiki/Ovirt_wksp_blr.pdf · 12 Enabling GlusterFS for Virtualization use QEMU-GlusterFS

Petascale Cloud Storage with GlusterFS

GlusterFS – a Scale-Out Data Platform - Linux Foundation · PDF file10/25/12 Enabling GlusterFS for Virtualization use QEMU-GlusterFS integration Native integration, no FUSE mount

GlusterFS - · PDF file( . © 2011 CustomSol 39 GlusterFS – Thomas Halinka – OSDC 2011 – 06.04.2011 GlusterFS – Usage

GlusterFS - guug.de · PDF file• Further information and examples: •apt-get install glusterfs-examples

Glusterfs 구성제안 및_운영가이드_v2.0

Systèmesdefichiersdistribués:comparaisonde GlusterFS ... · PDF file1/34 Introduction NFS GlusterFS MooseFS Ceph Comparaison Conclusion Systèmesdefichiersdistribués:comparaisonde

GlusterFS Challenges and Futures - SNIA · 2020-02-01 · GlusterFS Challenges and Futures Jeff Darcy Storage Developer Conference September 17, 2012. What Is GlusterFS? ... use flags

GLUSTER 4 - FOSDEM · GlusterFS provided storage GlusterFS v1 - Part of main Gluster project GlusterFS v2 - Split into a seperate project GlusterFS v3 - Primary project. GLUSTERFS-3.X

GLUSTERD-2 - FOSDEM...GLUSTERFS TERMS Peer/Node/Server - A computer with the GlusterFS server packages installed Trusted Storage Pool - The GlusterFS cluster Brick - An empty directory

GlusterFS Documentation

Clusters de stockage : GlusterFS - · PDF fileRAIN Infiniband Traducteurs GlusterFS Exemples Clusters de stockage : GlusterFS David Delavennat Centre de Génétique Moléculaire Rencontres

Glusterfs 구성제안서 v1.0

GlusterFS – Architecture & Roadmap

GlusterFS as a DFS

Glusterfs and openstack

GlusterFS Cloud Storage

glusterfs 文件系统

Mésocentres 2016: GlusterFS

Project Aplo: GlusterFS Container Converged with OpenShift · Solution Provide a solution that will run GlusterFS as containers in OpenShift pods. Integrate GlusterFS deployment and

QEMU-GlusterFS integration

Glusterfs 구성제안 v1.0

Implement GlusterFS on Azure · PDF fileImplement GlusterFS on Azure . 4 . Introduction . Recently, AzureCAT worked with a customer to set up GlusterFS distributed file system, a free,

GlusterFS and Openstack Storage

GlusterFS And Big Data

QEMU-GlusterFS integration › en › latest › ...Enabling GlusterFS for Virtualization use QEMU-GlusterFS integration – Native integration, no FUSE mount – Gluster as QEMU block

Glusterfs: un filesystem altamente versatile

GlusterFS Challenges and Futures