Minor Description
When a regular user on a Lustre client tries to open a file, the client's normal behavior is to send a maximum of 2 supplementary groups for the user to the servers. Without complete supplementary group information, the MDS may not be able to authorize access to a resource, so may return "permission denied", even though the user is technically authorized to access the resource. This is especially true for resources with access controlled by ACLs. For this reason, the client is able to send alternative supplementary groups to the server using a retry mechanism. If the first authorization fails, then the failure reply from the server will include a hint that the client is able to retry. A retried authorization attempt is then sent, including alternative supplementary groups, selected using group information hinted in the reply from the MDT.
This retry mechanism only exists for file open, but could also be implemented for file create.
Attachments
Issue Links
- mentioned in
-
![[Whamcloud Community Wiki] Page](/images/icons/generic_link_16.png "[Whamcloud Community Wiki] Page")
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page Loading...
-
Activity
"Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/56098
Subject: LU-18158 sec: hint client in case of failed open-create
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 664dd1c24da09509748bd1dbdc2b82b78f3c37f9
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/56098/
Subject: LU-18158 sec: hint client in case of failed reint open
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: e603ddadd5eef4173079d20a0ec1b388b4935cc0