Skip to content
Snippets Groups Projects
Commit 99281fe3 authored by Lukáš Krupčík's avatar Lukáš Krupčík
Browse files

Update storage.md

parent 1ef76041
No related branches found
No related tags found
4 merge requests!368Update prace.md to document the change from qprace to qprod as the default...,!367Update prace.md to document the change from qprace to qprod as the default...,!366Update prace.md to document the change from qprace to qprod as the default...,!323extended-acls-storage-section
Hide whitespace changes
Inline Side-by-side
docs.it4i/barbora/storage.md
+ 15
24
View file @ 99281fe3
...@@ -227,34 +227,24 @@ Extended ACLs provide another security mechanism beside the standard POSIX ACLs ...@@ -227,34 +227,24 @@ Extended ACLs provide another security mechanism beside the standard POSIX ACLs
ACLs on a Lustre file system work exactly like ACLs on any Linux file system. They are manipulated with the standard tools in the standard manner. Below, we create a directory and allow a specific user access. ACLs on a Lustre file system work exactly like ACLs on any Linux file system. They are manipulated with the standard tools in the standard manner. Below, we create a directory and allow a specific user access.
* [nfs4_setfacl][e]
* [nfs4_getfacl][l]
```console ```console
[vop999@login1.barbora ~]$ umask 027 vop999@login1:~$ nfs4_getfacl test
[vop999@login1.barbora ~]$ mkdir test
[vop999@login1.barbora ~]$ ls -ld test
drwxr-x--- 2 vop999 vop999 4096 Nov 5 14:17 test
[vop999@login1.barbora ~]$ getfacl test
# file: test # file: test
# owner: vop999 A::OWNER@:rwaxtTcCy
# group: vop999 A::GROUP@:rwatcy
user::rwx A::EVERYONE@:rtcy
group::r-x vop999@login1:~$ nfs4_setfacl -a A::GROUP@:RWX test
other::--- vop999@login1:~$ nfs4_getfacl test
[vop999@login1.barbora ~]$ setfacl -m user:johnsm:rwx test
[vop999@login1.barbora ~]$ ls -ld test
drwxrwx---+ 2 vop999 vop999 4096 Nov 5 14:17 test
[vop999@login1.barbora ~]$ getfacl test
# file: test # file: test
# owner: vop999 A::OWNER@:rwaxtTcCy
# group: vop999 A::GROUP@:rwaxtcy
user::rwx A::EVERYONE@:rtcy
user:johnsm:rwx
group::r-x
mask::rwx
other::---
``` ```
Default ACL mechanism can be used to replace setuid/setgid permissions on directories. Setting a default ACL on a directory (-d flag to setfacl) will cause the ACL permissions to be inherited by any newly created file or subdirectory within the directory. Refer to this page for more information on Linux ACL at [RedHat guide][e]. Default ACL mechanism can be used to replace setuid/setgid permissions on directories. Setting a default ACL on a directory will cause the ACL permissions to be inherited by any newly created file or subdirectory within the directory.
## Local Filesystems ## Local Filesystems
...@@ -378,10 +368,11 @@ Transfer rates of about 28 MB/s can be expected. ...@@ -378,10 +368,11 @@ Transfer rates of about 28 MB/s can be expected.
[b]: http://www.nas.nasa.gov/hecc/support/kb/Lustre_Basics_224.html#striping [b]: http://www.nas.nasa.gov/hecc/support/kb/Lustre_Basics_224.html#striping
[c]: http://doc.lustre.org/lustre_manual.xhtml#managingstripingfreespace [c]: http://doc.lustre.org/lustre_manual.xhtml#managingstripingfreespace
[d]: https://support.it4i.cz/rt [d]: https://support.it4i.cz/rt
[e]: https://access.redhat.com/documentation/en-US/Red_Hat_Storage/2.0/html/Administration_Guide/ch09s05.html [e]: http://man7.org/linux/man-pages/man1/nfs4_setfacl.1.html
[f]: https://du.cesnet.cz/ [f]: https://du.cesnet.cz/
[g]: https://du.cesnet.cz/en/start [g]: https://du.cesnet.cz/en/start
[h]: mailto:du-support@cesnet.cz [h]: mailto:du-support@cesnet.cz
[i]: https://du.cesnet.cz/en/navody/home-migrace-plzen/start [i]: https://du.cesnet.cz/en/navody/home-migrace-plzen/start
[j]: https://du.cesnet.cz/en/navody/faq/start [j]: https://du.cesnet.cz/en/navody/faq/start
[k]: https://du.cesnet.cz/en/navody/rsync/start#pro_bezne_uzivatele [k]: https://du.cesnet.cz/en/navody/rsync/start#pro_bezne_uzivatele
[l]: http://man7.org/linux/man-pages/man1/nfs4_getfacl.1.html
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment