Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-6415

Deny non-root users for 'lfs changelog & changelog_clear'

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • Lustre 2.8.0
    • None
    • None
    • 3
    • 9223372036854775807

      Non-root users have the ability to read changelog entries (which contain filenames and FIDs). More importantly, non-root users have the ability to clear changelogs regardless of permissions on the mountpoint.

      This has potential security implications, in that non-privileged users gain the ability to see information in directories to which they shouldn't have access, and there is also potential for deliberate or accidental DOS by clearing changelogs before the intended reader gets to them (e.g. Robinhood, etc.)

            niu Niu Yawei (Inactive)
            niu Niu Yawei (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: