Re: [PATCH] fs/ceph/super: add mount options "snapdir{mode,uid,gid}"

From: Xiubo Li
Date: Tue Oct 25 2022 - 05:18:24 EST



On 25/10/2022 15:22, Max Kellermann wrote:
> On Tue, Oct 25, 2022 at 3:36 AM Xiubo Li <xiubli@xxxxxxxxxx> wrote:
>> Currently cephx permission has already supported the 's' permission,
>> which means you can do the snapshot create/remove. And for a privileged
>> or specific mounts you can give them the 's' permission and then only
>> they can do the snapshot create/remove. And all the others won't.
> But that's a client permission, not a user permission.
>
> I repeat: the problem is that snapshots should only be
> accessible/discoverable/creatable by certain users (UIDs/GIDs) on the
> client machine, independent of their permission on the parent
> directory.

Hi Max,

Yeah, the cephx permission could cover this totally and there is no need to worry about the user id mapping issue.

You can allow mounts with specific client ids, "client.privileged" for example, to create/remove the snapshots:

[client.privileged]
    key = AQA19uZUqIwkHxAAFuUwvq0eJD4S173oFRxe0g==
    caps mds = "allow rws /"
    caps mon = "allow *"
    caps osd = "allow *"

[client.global]
    key = xE21RuZTqIuiHxFFAuEwv4TjJD3R176BFOi4Fj==
    caps mds = "allow rw /"
    caps mon = "allow *"
    caps osd = "allow *"

Then specify the client ids when mounting:

$ sudo ./bin/mount.ceph privileged@.a=/ /mnt/privileged/mountpoint

$ sudo ./bin/mount.ceph global@.a=/ /mnt/global/mountpoint

Just to make sure only certain users, who have permission to create/remove snapshots, could access the "/mnt/privileged/" directory.

I didn't read the openshift code, but when I was debugging the bugs and from the logs I saw it acting similarly to this.

> My patch decouples parent directory permissions from snapdir
> permissions, and it's a simple and elegant solution to my problem.

Yeah, I'm aware of the differences between these two approaches exactly. This should be a common feature, not only in the kernel client. We also need to implement this in the cephfs user space client. If the above cephx permission approach could work very well everywhere, I am afraid this couldn't go to ceph in user space.

>> And then use the container or something else to make the specific users
>> could access to them.
> Sorry, I don't get it at all. What is "the container or something" and
> how does it enable me to prevent specific users from accessing
> snapdirs in their home directories?

Please see my above example. If that still won't work well, please send one mail to ceph-user to discuss this further; probably we can get more feedback from there.

Thanks!

- Xiubo
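
An added example, not part of the original message or of Ceph itself: a small audit that reads a keyring in the format quoted above and reports which client ids hold the MDS 's' (snapshot create/remove) capability. It goes slightly beyond the two entries in the mail by also handling comma-separated grants and wildcard caps; the `client.admin` entry, the placeholder keys, and the treatment of `allow *` / `allow all` as snapshot-capable are assumptions of this example.

```python
import re

# Constructed keyring in the format quoted above; key values are placeholders.
SAMPLE_KEYRING = '''
[client.privileged]
    key = PLACEHOLDER-KEY-1
    caps mds = "allow rws /"
    caps mon = "allow *"
    caps osd = "allow *"
[client.global]
    key = PLACEHOLDER-KEY-2
    caps mds = "allow rw /"
    caps mon = "allow *"
    caps osd = "allow *"
[client.admin]
    key = PLACEHOLDER-KEY-3
    caps mds = "allow *"
'''

SECTION = re.compile(r'^\[(?P<entity>[^\]]+)\]\s*$')
CAPS = re.compile(r'^caps\s+(?P<svc>\w+)\s*=\s*"(?P<val>[^"]*)"\s*$')

def parse_keyring(text):
    """Return {entity: {service: caps string}} for each [entity] section."""
    entities, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            current = entities.setdefault(m["entity"], {})
        elif current is not None and (m := CAPS.match(line)):
            current[m["svc"]] = m["val"]
    return entities

def grant_allows_snapshots(grant):
    """True if one 'allow ...' grant carries the 's' flag or is a wildcard."""
    tokens = grant.split()
    if len(tokens) < 2 or tokens[0] != "allow":
        return False
    # Assumption: '*' / 'all' grants everything, snapshots included.
    return tokens[1] in ("*", "all") or (set(tokens[1]) <= set("rwps") and "s" in tokens[1])

def snapshot_capable(text):
    """Sorted entity names whose MDS caps let the client create/remove snapshots."""
    return sorted(
        entity for entity, caps in parse_keyring(text).items()
        if any(grant_allows_snapshots(g.strip()) for g in caps.get("mds", "").split(","))
    )

if __name__ == "__main__": print(snapshot_capable(SAMPLE_KEYRING))
```

The result lists client ids, not local UIDs/GIDs: it answers which mounts can manage snapshots, which is the client-level granularity the cephx approach provides.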