Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-19867

nodemap: quota is not enforced for offset local root user

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • Lustre 2.18.0
    • Lustre 2.17.0
    • None
    • 3
    • 9223372036854775807

      Typically, root users can bypass quota restrictions if the root UID is not squashed on the server side and the CAP_SYS_RESOURCE capability is set on the client. However, when offsets are used, and the local admin rbac is not set on the nodemap, quota restrictions should still be enforced for a client root user. If the local admin rbac is set, quota restrictions can be bypassed.

      Currently, the local admin rbac is not included in this server-side check. Therefore, additional checks are needed so that the quota is enforced when the local admin rbac is not set.

            mvef Marc Vef
            mvef Marc Vef
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: