When the Shared Key feature of Lustre is active, and the Nodemap "admin" property for a nodemap is set to 0, Lustre does not restrict access to that nodemap as it normally would without Shared Key. Examples of this issue occurring can be found in tests 17, 18, and 20-23 of sanity-sec in the testing framework of the following run:
This can be reproduced on a system with the Shared Key and Nodemap features enabled by setting the admin and trusted properties of all nodemaps to 0. Under these conditions, the system does not fully limit root access.
The error returned by the test framework is:
sanity-sec test_17: @@@@@@ FAIL: test trusted_noadmin:0:c0:0:000, wanted 0 0, got 1 1
The "0 0" wanted by this test is the output of do_create_delete() from the sanity-sec.sh suite in the testing framework. This function attempts to touch, and then remove, a file. Neither operation should succeed, so the test fails because both are permitted. Other tests of the same nature fail for similar reasons.
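The following shell sketch is an added example, not code from sanity-sec.sh: it runs the same kind of create-then-delete probe described above and classifies a "wanted/got" failure line. The function names probe_create_delete and classify_fail are hypothetical, and it assumes, as the failure text implies, that 1 means the operation was permitted and 0 that it was denied.

```shell
#!/bin/sh
# Added example: not taken from sanity-sec.sh; function names are hypothetical.
# Assumption (from the failure text above): 1 = operation permitted, 0 = denied.

# Try to create, then remove, a file in directory $1. Prints "<create> <delete>".
probe_create_delete() {
    probe_file="$1/nodemap_probe.$$"
    created=0
    deleted=0
    if touch "$probe_file" 2>/dev/null; then created=1; fi
    if rm "$probe_file" 2>/dev/null; then deleted=1; fi
    echo "$created $deleted"
}

# Parse "wanted C D, got C D" out of a FAIL line and classify the mismatch.
classify_fail() {
    line=$1
    pat='.*wanted \([01]\) \([01]\), got \([01]\) \([01]\).*'
    fields=$(printf '%s\n' "$line" | sed -n "s/$pat/\1 \2 \3 \4/p")
    [ -n "$fields" ] || { echo "unparsed"; return 1; }
    set -- $fields   # $1 $2 = wanted create/delete, $3 $4 = observed
    # Any operation permitted where a denial was wanted is flagged first.
    if [ "$3" -gt "$1" ] || [ "$4" -gt "$2" ]; then
        echo "over-permissive"
    elif [ "$3" -lt "$1" ] || [ "$4" -lt "$2" ]; then
        echo "over-restrictive"
    else
        echo "match"
    fi
}

# The failure line quoted on this page.
classify_fail 'sanity-sec test_17: @@@@@@ FAIL: test trusted_noadmin:0:c0:0:000, wanted 0 0, got 1 1'
```

Run as a client user mapped to a nodemap with admin and trusted set to 0, probe_create_delete on a directory of the mounted file system is expected to print "0 0"; "1 1" matches the failure reported here.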